In A Recent Announcement iPhone’s Can Secretly Take Photos – And You Gave Them Perission!
For many people out there who are proudly toting around their iPhone they may be unaware that they may have given some applications the ability to take photos of them!
Felix Kraus, a highly acclaimed Austrian blogger, developer and Google engineer recently wrote about his research explaining some serious security and privacy implications specific to the front and back camera of your favorite iPhone.
In his research, Felix noted that the flaw with the iOS applications is in how Apple’s software handles camera access. Some applications have legitimate needs to access the camera such as WhatsApp, Snapchat, Facebook, Twitter and so forth – this enables the device to be able to be used as a photo creator for Social Media or specific software applications.
By design, permissions are not a bug or a flaw but rather a feature the user is able to choose if they wish to enable or disable access to the camera – and by in large is operating exactly the way Apple has designed it. The drawback, as Krause continued, this also means that any malicious application could also take advantage of this feature to silently record, snap photos or any other activity the attacker wishes.
iPhone Apps Can Silently Turn On Camera – Whenever
You are reading this correct, by the research performed by Krause he explains that simply by granting the application permission to the camera this would enable iOS app developers access to the following:
- both the front and the back camera of your device
- photograph and record you at any time the app is in the foreground
- upload the recorded and captured content immediately
- run real-time face detection to read your facial expressions
All of these tasks can be completed without the user being prompted that it is occurring
Again, by design from Apple, the application only requests access to enable the camera one time and many users are quick to grant permission to a new application which gives free reign to the camera. The LED light, notifications or sounds may all be suppressed so that the user has no idea that the device is in use.
Kraus has even gone as far as creating a proof-of-concept application that was created that was specifically created to showcase how a malicious app could abuse these permissions to silently take your picture every few seconds as you use the app or even stream video from both your front and rear camera – all without you knowing.
Krause said his “goal [to build the demo app] is to highlight a privacy loophole that can be abused by iOS apps.”
Krause continued saying the malicious app could record “stunning video material from bathrooms around the world, using both the front and back camera, while the user scrolls through a social feed or plays a game.”
How Do I Protect My Privacy?
Unfortunately, there is very little you can do to protect your privacy.
Felix Krause recommended that Apple introduce a different permission process, possibly one that would only give temporary access. This would create more pop up/permission windows that could detract from the user experience but it would also greatly increase the users level of privacy.
A second option presented would be to display the LED light or a notification window on the device when an application was accessing the camera.
The biggest piece of advice we at Your Digital Mind would give would be to not install any applications that are not from the official app store and double check reviews or online postings about specific applications and their developers. This is a more time intensive approach but ultimately could significantly improve your security and privacy.
Worst case – you could always do what Facebook CEO Mark Zuckerberg and former FBI Director James Comey do – physically cover your camera.