Tuesday, September 10, 2024
HomeSecurity NewsiOS Privacy issue - Now iPhone apps can Secretly access your Camera...

iOS Privacy issue – Now iPhone apps can Secretly access your Camera to take Videos and Pictures

Published on

Google Security Engineer Felix Krause discovered a privacy loophole in iPhone which can be abused by the malicious iOS app to take videos and Pictures of user secretly.

In iPhone, once you grant permission app access to your camera it can take photos and video without your knowledge, uses front and back camera, also it can run facial recognition.

Krause discovered that once you grant full permission to app access your iPhone camera and anytime if the app turned back on it runs again with the same permission even if the permission revoked.

To demonstrate it Krause made a social network app that takes pictures and uploads on the feed without user’s permission. He also proved that it is possible to get some basic emotions right.

- Advertisement - EHA

He also suggested some preventive measures for users, the first and the best way is to cover your camera wit came covers.Next one is to revoke camera access to all other apps than the inbuilt camera apps.

Proposals suggested

He suggested that Apple should provide an option to grant temporary access to camera and also some possible ways to alert users when the camera is active.

To show push notifications in the status bar or light indicator as like in Macbook.

Last September Felix Krause identified a permission issue, any camera app that has access to image library can extract the user locations from the image metadata.

When compared to Android Apple devices are considered to be more secure, but nowadays cyberattacks targetting Apple users are in raise.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a...

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...