Friday, March 29, 2024

iOS Privacy issue – Now iPhone apps can Secretly access your Camera to take Videos and Pictures

Google Security Engineer Felix Krause discovered a privacy loophole in iPhone which can be abused by the malicious iOS app to take videos and Pictures of user secretly.

In iPhone, once you grant permission app access to your camera it can take photos and video without your knowledge, uses front and back camera, also it can run facial recognition.

Krause discovered that once you grant full permission to app access your iPhone camera and anytime if the app turned back on it runs again with the same permission even if the permission revoked.

To demonstrate it Krause made a social network app that takes pictures and uploads on the feed without user’s permission. He also proved that it is possible to get some basic emotions right.

He also suggested some preventive measures for users, the first and the best way is to cover your camera wit came covers.Next one is to revoke camera access to all other apps than the inbuilt camera apps.

Proposals suggested

He suggested that Apple should provide an option to grant temporary access to camera and also some possible ways to alert users when the camera is active.

To show push notifications in the status bar or light indicator as like in Macbook.

Last September Felix Krause identified a permission issue, any camera app that has access to image library can extract the user locations from the image metadata.

When compared to Android Apple devices are considered to be more secure, but nowadays cyberattacks targetting Apple users are in raise.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles