A Google engineer discovered a method to use certain iPhone apps to secretly take photos and videos of the owner.
Felix Krause discovered the vulnerability while doing security research independent from Google after office hours, according to The Next Web.
Krause explained that a privacy setting on iOS could be used to hijack apps with camera permission to spy on the user. An attacker could take pictures, record video and upload them on the internet immediately.
The attacker could even run real-time face detection. All of this will happen without a single notification sound or LED blink from the iPhone.
Krause uploaded a short demonstration of how it could be done on his YouTube channel.
Furthermore, attackers could also locate users by scraping together image data already existing on the target’s iPhone and fresh ones captured using the exploit. It would be just a matter of cross-referencing landmarks.
Krause has since disclosed his discovery to Apple and also published it on his personal blog.
Some of the solutions he suggested includes using a camera cover and revoking camera access to apps. For Apple’s development team, he suggested making camera permissions temporary and adding indicators when the device is recording. Alfred Bayle/JB
RELATED STORIES:
Apple ID passwords may be vulnerable to iOS phishing attacks
iPhones of the future may no longer include Touch ID, predicts expert
Japanese company sues Apple for ‘Animoji’ trademark