Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple patches vulnerability where iPhone & MacBook cameras could be hijacked

Last updated

An ethical "white-hat" hacker exploited Apple's own apps in December to show how a malicious website could gain unrestricted access to a user's camera and microphone without consent using flaws that have since been patched.

Former Amazon Web Services security engineer, Ryan Pickren, discovered seven zero-day vulnerabilities in Apple's Safari that could be used to hijack users' cameras. The vulnerabilities exploited the way Safari parsed Uniform Resource Identifiers, managed web origins, and initialized secure contexts.

The only requirement was that the user's camera would have had to trust a video conferencing site, like Zoom. If that criteria was met, a user could visit a site that utilized the attack chain, and a hacker could gain access to a users camera — both on iOS and macOS.

Pickren had submitted his research to the Apple Bug Bounty program and was paid $75,000 for his contribution. Apple fixed three of the security flaws — the ones that allowed for camera hijacking — in the January 28 Safari 13.0.5 update. The four remaining flaws were not fixed until the Safari 13.1 release on March 24.

"A bug like this shows why users should never feel totally confident that their camera is secure," Pickren told Forbes, "regardless of operating system or manufacturer."

Pickren had discovered the bug by "finding assumptions in software and violating those assumptions to see what happens." He noted that the camera security model was difficult to crack, as Apple requires nearly every app to be granted explicit permission to the microphone and camera. This makes it far less likely that a malicious third-party app could gain access without a users express permission.

The exception to the rule, however, is Apple's own apps, such as Safari. Pickren was able to exploit this exception to uncover the bugs. He managed to "hammer the browser with obscure corner cases" until he gained access to the camera.



13 Comments

lkrupp 19 Years · 10521 comments

Okay, so I  think I read way back that my iMac’s camera and indicator light were tied together and one could not activated without the other. Did I imagine that or am I right?

powermacbandit 19 Years · 51 comments

I’d like to know as well. I hope it is.  It should be done in hardware without any programmable hardware in between. 

seanismorris 8 Years · 1624 comments

Re: "A bug like this shows why users should never feel totally confident that their camera is secure," 

Let’s see them hack through my electrical tape.  


mwahahaha
muwhahaha
muahahaha
bwahahaha

MplsP 8 Years · 4047 comments

lkrupp said:
Okay, so I  think I read way back that my iMac’s camera and indicator light were tied together and one could not activated without the other. Did I imagine that or am I right?

I remember reading that, too. I found this thread discussing it that seems to say it may have been possible on the the older (i.e. > 10 years old) cameras but in the newer modules the LED is directly wired to the camera module's power supply.

razorpit 17 Years · 1793 comments

MplsP said:
lkrupp said:
Okay, so I  think I read way back that my iMac’s camera and indicator light were tied together and one could not activated without the other. Did I imagine that or am I right?
I remember reading that, too. I found this thread discussing it that seems to say it may have been possible on the the older (i.e. > 10 years old) cameras but in the newer modules the LED is directly wired to the camera module's power supply.

There should be an indicator like that for iOS devices.

Does anyone know if this vulnerability was able to activate without turning on the LED on newer Macs?