CVE
Vulnerable Software
Android App: Security Camera CZ <= 1.6.8
Vulnerability
Insecure Data Storage (M2, OWASP Mobile Top 10, 2016)
Time Line
- 28.05.2019 Vendor informed
- 29.05.2019 Vendor is trying to fix this within the next release
- 29.05.2019 Disclosure
Description
The Application Security Camera CZ through 1.6.8 stores pictures of the recorded video on the external data storage.
These pictures could contain very sensitive and personal data, because it’s widely used as a web- or babycam.
The external data storage is write/ readable by every other app on the device.
This could lead to the exposure of very sensitive data through an malicous app.