FYI the cameras in most phones (at least the ones I've played around with) contain no firmware. It's just a relatively dumb image sensor connected via a MIPI interface to the main SoC, and is under control of it. It cannot access memory on its own.
Don't know of any particular blogs/articles but you can e.g. Google "OV5647 datasheet" and read the datasheet for the RPi's camera chip. There's not much that could be a security concern on the camera module itself, since it's relatively dumb; it's what controls it that's a different issue.
