Unsecured Screen Recording Feature in Vivo V7 Android Devices
CVE-2018-15000
6.3MEDIUM
What is CVE-2018-15000?
The Vivo V7 Android device features a platform app that contains an exported service named com.vivo.smartshot.ui.service.ScreenRecordService, allowing unauthorized screen recording for up to 60 minutes. Although a recording notification typically appears, attackers can exploit the system by manipulating service parameters, leading to the potential concealment of this notification from users. Consequently, attackers can record user screens and save files directly to an app's private directory, significantly compromising user privacy.