Google Security Engineer Felix Krause discovered a privacy loophole in iPhone which can be abused by the malicious iOS app to take videos and Pictures of user secretly.
In iPhone, once you grant permission app access to your camera it can take photos and video without your knowledge, uses front and back camera, also it can run facial recognition.
Krause discovered that once you grant full permission to app access your iPhone camera and anytime if the app turned back on it runs again with the same permission even if the permission revoked.
To demonstrate it Krause made a social network app that takes pictures and uploads on the feed without user’s permission. He also proved that it is possible to get some basic emotions right.
He also suggested some preventive measures for users, the first and the best way is to cover your camera wit came covers.Next one is to revoke camera access to all other apps than the inbuilt camera apps.
He suggested that Apple should provide an option to grant temporary access to camera and also some possible ways to alert users when the camera is active.
To show push notifications in the status bar or light indicator as like in Macbook.
Last September Felix Krause identified a permission issue, any camera app that has access to image library can extract the user locations from the image metadata.
When compared to Android Apple devices are considered to be more secure, but nowadays cyberattacks targetting Apple users are in raise.