Apple eliminates iPhone camera hijack; pays hacker $75,000

By

iPhone-11-cameras
Safari flaws allowed camera and microphone access on iPhone.
Photo: Killian Bell/Cult of Mac

Apple has eliminated a number of serious flaws that allowed an iPhone’s camera to be hijacked.

Hacker Ryan Pickren discovered the vulnerabilities during a “pretty intense” bug-hunting expedition in Safari. He was paid $75,000 through Apple’s Bug Bounty Program for his efforts.

iOS is considered the most secure mobile operating system. Apple has spent years bolstering its protections to ensure iPhone and iPad users don’t have to worry about their devices being exploited — and their data being compromised.

As is often the case with software, however, there are vulnerabilities that go undetected. Pickren found no less than seven in Safari, three of which allowed an iPhone’s camera to be hijacked by malicious code.

Safari flaws give iPhone camera access

The zero-day vulnerabilities could be exploited to grant camera and microphone permission to anyone who knew how to take advantage of them. All they had to do was convince an iPhone user to visit a malicious website.

“A bug like this shows why users should never feel totally confident that their camera is secure, regardless of operating system or manufacturer,” Pickren explained to Forbes.

The vulnerabilities were discovered last December when Pickren decided to “hammer the browser with obscure corner cases” until strange behavior was uncovered. He focused on camera security, despite it being incredibly strong.

It wasn’t long before seven flaws (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) were found.

Apple provides quick fix

Pickren reported his findings to Apple, and the three most serious vulnerabilities — those that allowed camera access — were fixed in late January by the Safari 13.0.5 update.

The other, less severe flaws were fixed in Safari 13.1, rolled out on March 24.

For his efforts, Pickren was awarded $75,000. He said he “really enjoyed” working with Apple’s product security team on the issues, and he plans to put the money toward buying new products and finding new bugs.

“I’m really excited that Apple embraced the help of the security research community,” Pickren added.