Categories: Security News

iOS Privacy issue – Now iPhone apps can Secretly access your Camera to take Videos and Pictures

Google Security Engineer Felix Krause discovered a privacy loophole in iPhone which can be abused by the malicious iOS app to take videos and Pictures of user secretly.

In iPhone, once you grant permission app access to your camera it can take photos and video without your knowledge, uses front and back camera, also it can run facial recognition.

Krause discovered that once you grant full permission to app access your iPhone camera and anytime if the app turned back on it runs again with the same permission even if the permission revoked.

To demonstrate it Krause made a social network app that takes pictures and uploads on the feed without user’s permission. He also proved that it is possible to get some basic emotions right.

He also suggested some preventive measures for users, the first and the best way is to cover your camera wit came covers.Next one is to revoke camera access to all other apps than the inbuilt camera apps.

Proposals suggested

He suggested that Apple should provide an option to grant temporary access to camera and also some possible ways to alert users when the camera is active.

To show push notifications in the status bar or light indicator as like in Macbook.

Last September Felix Krause identified a permission issue, any camera app that has access to image library can extract the user locations from the image metadata.

When compared to Android Apple devices are considered to be more secure, but nowadays cyberattacks targetting Apple users are in raise.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

24 minutes ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

43 minutes ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

6 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago