Bye bye privacy! Live streaming, and shooting of video and pictures from Apple iPhone, without user being aware
Apple is facing questions over the way it grants iPhone apps permission to use the phone’s camera, after a security researcher revealed an alarming proof of concept demonstration.
Felix Krause, an Austrian iOS developer who also works for Google, showed how iOS photo apps can secretly record photos and videos – without the user being aware of it.
Apple has faced a number of Phone privacy concerns over the years. Last year for example a Russian researcher warned that law enforcement officials could get their hands on iPhone call data because Apple sends it to the iCloud, bypassing the protection afforded by iOS encryption.
Krause meanwhile explained in a blog posting that once the user has granted an iOS app blanket permission to access the camera, it can access both the front and the back cameras.
Once allowed, this permission has to be turned off via the settings menu.
But if the user doesn’t do this, iOS apps are then free to also record at any time the app is in the foreground; it can take pictures and videos without telling the user; and it can upload pictures/videos immediately; and it can run real-time face recognition to detect facial features or expressions.
It does this all without indicating that the phone is recording the user and his or her surroundings.
Unlike Apple Macs or PCs, there are no LEDs, no lights or any other kind of indication next to the camera to show it is being used, he warned.
“iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo),” blogged Krause. “These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent.”
He also provided a video demonstration, located here.
The issue is not a flaw as such, as that is the way Apple has designed the iOS platform, and the good news is that Apple’s app review process should detect rogue apps, so in reality the risk is relatively low.
Krause however says that the only real way that Apple customers can protect themselves is to purchase camera covers or use a sticky note to cover the lens.
He said that Mark Zuckerberg for example is known to cover his phone’s camera lens.
Alternatively, the iPhone user can revoke camera access for all apps, and always use the built-in camera app.
Krause said Apple should introduce a system of temporary permissions that is revoked after period of time.
Or Apple should alternatively use a warning light or notification that tells iPhone users when they are being recorded.
Apple has reportedly not commented on the issue so far.
Earlier this month, Felix Krause warned that iOS operating system could “easily” be hacked to obtain users’ Apple ID passwords, due to the system’s frequent use of genuine authentication messages.
He said that Apple users are so accustomed to entering their Apple ID password when asked to do so while using applications that it’s likely they wouldn’t hesitate to enter it into a false prompt.
Do you know all about security in 2017? Try our quiz!