How an Apple webcam hack could have put iOS and MacOS users at risk
A hacker uncovers a series of exploits in Safari that could have terrifying implications for iPhone, iPad and Mac users.
An exploit was recently discovered in Apples app permissions that could have given access to people’s cameras, microphones, and screens on iOS and MacOS. Like most exploits and hacks, this one takes advantage of assumptions made by the designers of Apple’s permissions systems and interacts with those settings in ways those designers didn’t take into account. It’s not something the ordinary user would have ever encountered, but a savvy hacker could have used this feat in terrifying ways.
The “hacker” in this case is Ryan Pickren, who could be considered Internet famous at this point. He made a name for himself as a contract hacker tasked with using his skills to help organizations discover and close loopholes in their online security. His claims to fame are both impressive and disturbing because he has achieved incredible feats of technical intrusion. After a brief confrontation with the justice system over an illegal hack he committed into a college rival’s football team, he decided to use his powers for good and embark on a career in research. bug bounties for United Airlines.
Click the button below to start this article in quick view.
Fortunately, Pickren is on our side because its discovery of the security flaw with iOS permissions has been forwarded to Apple and fixed. The problem stems from the way Apple devices request access to a device’s hardware. A typical application will prompt the user to give it access to tools like camera, calendar, contacts, etc. Any smartphone user is familiar with this pop-up window. However, Apple’s proprietary apps, like Safari, have virtually automatic access to device functionality. Safari is then able to grant this access to websites that a user visits, to facilitate things like the web versions of Skype and Zoom to get instant access to a phone’s camera and microphone for video conferencing. This convenience, however, is also the path to this achievement.
How Safari Could Have Exposed People’s Cameras
Ryan Pickren’s blog post on this issue gives a full and detailed explanation of how it all works, but the extremely condensed version is that he managed to trick Safari into a false assumption about which websites a user has. consult. Using clever scripts, he was able to convince Safari that a web address and its contents were the same as on a different – trusted – website and that the browser was giving the bogus site access to the apparatus.
This is, again, not something an average hacker could have accomplished, but in nature it could have meant that anyone IPhone Camera and Microphone can be enabled and configured to record if they have visited the wrong websites. Additionally, this could be accomplished without the user’s knowledge, even if visited sites they thought were safe. It is essentially everyone’s worst surveillance nightmare. Fortunately, Apple worked with Pickren to resolve the issue and fixed the holes that caused it last month. For his work, the hacker was awarded $ 75,000.
Source: Ryan pickren
The public isn’t ready for Suicide Squad 2, says John Cena
About the Author