There was a time when Apple devices were considered secured when compared to Android devices. Although the situation is not as worse as that faced by Android users, the IT security community is witnessing a rapid increase in cyber attacks against Apple users as well as discovering of security flaws.
Recently, a Google engineer discovered that any rogue app on iPhone could use the device’s camera to spy on the user secretly. It can do it by abusing the permission by default and use both front and rear cameras for malicious purposes.
To prove his point, Krause developed a fake social media app that would take pictures of the user after every few seconds and upload them on the site – All that without the permission or knowledge of the user. The reason for demonstrating the issue was to highlight “privacy loophole that can be abused by iOS apps.”
On iPhone, permissions work in a way that once a user allows an app to take photos, they must grant that app full camera access which can be turned off once the app is done taking pictures. However, Krause discovered that once granted permission, an app can record videos and take photos whenever it is turned on even when the permission is taken back.
The issue with smartphones including iPhone is that their cameras don’t indicate if they are being used or turned on unlike in laptops in which a small silver light or small green light in case of Mac computers indicate users that their camera is being used. Therefore, there is no indication in smartphones whether their camera is taking photos or recording videos.
However, this is not a security flaw. It’s a system that Apple developed, and it works the way it was designed, but Krause’s findings highlight the system is somehow flawed and poses a privacy threat to iPhone users.