An Austrian developer has managed to expose a security loophole in iOS apps which makes it possible for an iPhone to take pictures and upload them without the user being made aware.
Felix Krause demonstrated the loophole in the video below, where he created an app that initially requested access to his camera, once this permission was granted the app would then take pictures of him once a second and upload it as long as the app was open in the foreground.
In a blog post, Felix went further to explain that the iPhone does not tell you when its camera is activated, unlike Mac computers which show a green light when the camera is in use, and crucially the iPhone also allows access to both the front and back camera's when the app is open. Not only that but using the new built-in iOS 11 Vision framework the camera can also be programmed to operate facial recognition, meaning it could be set to record once it recognized someone's face.
So theoretically there could be apps or games that might be taking pictures and uploading them while people play a game on the toilet, while they are looking at an app before getting into the shower, while they are sat at a desk looking at important documents, basically in any scenario where someone is using their iPhone.
As advice on how to avoid this, Felix suggested people could get camera covers for their iPhones - he didn't mention microphones- or they could go into their settings and revoke all the necessary access granted to their apps.
Ultimately though, restricting apps in a bid to secure one's privacy would make many of the apps much slower to use, as your permission would now be required, and the user would have to do certain things manually like copy-pasting pictures to new profiles. As disturbing as this find by Felix is, many people would probably find the things they have to do to ensure complete privacy quite frustrating.
Image via iPhoneros
40 Comments - Add comment