Posted on October 30, 2017 at 6:46 PM
A Google engineer discovered that certain Apple apps could access victims’ cameras to conduct espionage.
Apple devices were once considered the gold standard of security measures; a device impenetrable by common threats that frequently plague Android users. While Apple’s sophisticated built-in security measures still provide its user more protection than most Android devices, more and more attacks and threats have reared their heads in the Apple community.
Over the past year, security researchers and experts have encountered an increasing amount of threats to Apple devices, in the form of rogue apps and malicious software which exploits vulnerabilities and flaws found in Apple devices.
Another such vulnerability was found by Felix Krause, a Google engineer which found that rogue apps were able to access an Apple device’s camera to conduct covert espionage on the victim. By abusing the default permissions required by the user, certain apps can access the front and rear cameras of a device to spy on the victim.
To illustrate his findings, Krause created a fake social media app which takes photos of the victim every minute and then continues to upload these photos to the site, without the knowledge or permission of the victim. By developing this app, Krause intended to demonstrate the privacy loophole which could easily be exploited by iOS apps.
Granting permissions on iOS apps are constructed in such a way that once a user allows camera access to the app, the app enjoys full camera access which can be disabled once the pictures have been taken. However, according to Krause’s findings, once camera access has been granted, the app can continue to take photos and record videos even when the app and permission have been disabled.
According to Krause the main concerns with cameras in smartphones, including iPhones is that the user has no way of knowing when the camera is in use. Usually in laptops, there is a light which indicates that the camera is switched on, however, in smartphones there is no indication the victim can use to know when their camera is being used.
While this system is not a specific security vulnerability, it is a feature of Apple’s system which could prove vulnerable to exploit and to put users and their personal security at risk. During an interview with Edward Snowden on Last Week Tonight, Snowden stated to host, John Oliver, in no uncertain terms that the National Security Agency (NSA) had the ability to conduct espionage on unsuspecting users via their smartphones. In addition, Snowden also confirmed that the NSA could collect a victim’s personal photos once their device has been targeted.
To minimize the possible threats posed by hijacked device cameras, Krause has suggested that Apple implement a new system which would notify the user when their device camera is being used by a third-party app. In addition, Krause also cautioned users to not download redundant or unnecessary apps which require extensive permissions, as these usually pose a threat to a user’s personal safety.