The sub-techniques beta is now live! Read the release blog post for more info.

Capture Camera

Adversaries may utilize the camera to capture information about the user, their surroundings, or other physical identifiers. Adversaries may use the physical camera devices on a mobile device to capture images or video. By default, in Android and iOS, an application must request permission to access a camera device which is granted by the user through a request prompt. In Android, applications must hold the android.permission.CAMERA permission to access the camera. In iOS, applications must include the NSCameraUsageDescription key in the Info.plist file, and must request access to the camera at runtime.

ID: T1512
Tactic Type: Post-Adversary Device Access
Tactic: Collection
Platform: Android, iOS
MTC ID: APP-19
Version: 1.0
Created: 09 August 2019
Last Modified: 12 September 2019

Procedure Examples

Name Description
Dendroid

Dendroid can take pictures using the phone’s camera as well as record video.[3]

DroidJack

DroidJack can capture video using device cameras.[8]

Exodus

Exodus Two can take pictures with the device cameras. [11]

FlexiSpy

FlexiSpy can record video.[2]

Monokle

Monokle can take photos and videos.[12]

Pallas

Pallas can take pictures with both the front and rear-facing cameras.[9]

Pegasus for Android

Pegasus for Android has the ability to take pictures using the device camera.[4]

RCSAndroid

RCSAndroid can capture photos using the front and back cameras.[5]

Skygofree

Skygofree can record video or capture photos when an infected device is in a specified location.[10]

SpyDealer

SpyDealer can record video and take photos via front and rear cameras.[6]

Stealth Mango

Stealth Mango can record and take pictures using the front and back cameras.[7]

Mitigations

Mitigation Description
Application Vetting

During the vetting process applications using the android permission android.permission.CAMERA, or the iOS NSCameraUsageDescription plist entry could be analyzed more closely.

Use Recent OS Version

Android 9 and above restricts access to mic, camera, and other sensors from background applications. [1]

Detection

On Android and iOS, the user can view which applications have permission to use the camera through the device settings screen, and the user can choose to revoke the permissions.

References