A white-hat hacker was able to hijack iPhone cameras using a chain of three vulnerabilities he discovered. The same approach would also work with the cameras on Macs.

Ryan Pickren disclosed the vulnerabilities to Apple in December of last year. The company fixed the most serious of them in January, and the rest last month.

The approach relied on an exception to the normal privacy requirement for apps to seek permission for camera or microphone access…

Forbes reports that the exception was Apple’s own apps — including Safari.

Pickren found a total of seven zero-day vulnerabilities, and was able to combine three of them to gain access to the iPhone cameras and microphones.

He opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered. Pickren focused on the camera security model, which he readily admits was “pretty intense.”

That’s something of an understatement: Apple has made the camera very secure, or so it thought, by requiring every app that wants access to be explicitly granted camera/microphone permission, a grant that is handled by an OS alert box.

Pickren found the exception to the rule, Apple’s apps, which is what led him to prod away at the Mobile Safari app to see how he could gain unauthorized access to the camera and microphone.

The hacker reported the bugs to Apple, and received a $75,000 bug bounty payment as thanks.

A fellow security researcher said that it’s surprising hackers haven’t focused more on mobile devices for this type of attack. The ability to hijack iPhone cameras would be especially valuable, he suggested.