Apple pays $75,000 to hacker for discovery of exploits to hijack iPhone camera

Apple awarded $75,000 to a hacker who discovered exploits that allowed him to hijack the cameras of iPhones and Macs.

Security researcher and former Amazon Web Services security engineer Ryan Pickren disclosed at least seven zero-day vulnerabilities in Safari to Apple, according to Forbes. Three of these vulnerabilities could be used to hijack the cameras of iOS and macOS devices.

The exploit required victims to visit a malicious website, which could then access their device’s camera if the device had previously trusted a video conferencing service such as Zoom.

“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren told Forbes, “regardless of operating system or manufacturer.”

Pickren informed Apple about his discovery in mid-December 2019. Apple validated all seven vulnerabilities and, after a few weeks, released a fix for the iOS and macOS camera exploit. The security researcher was then paid $75,000, which Pickren said was his first payout from the company.

Security researcher Sean Wright told Forbes that the exploit that Pickren discovered, even if it required the victim to visit a malicious website, was “a very viable form of attack.” Wright added that compared with the attention on webcams in computers, there has not been much focus on the cameras and microphones of mobile phones, which he said is “a far more likely route” for attackers if they want to eavesdrop on their targets.

Bug bounties

Bug bounty programs provide incentives to security researchers to help tech companies find vulnerabilities in their software, instead of the exploits falling into the hands of malicious hackers.

Apple, which launched a bug bounty program in 2016, made changes in August 2019 that included the addition of a $1 million reward for hackers who could launch a “zero-click full chain kernel execution attack with persistence.” In December 2019, the program was finally expanded to accept submissions for macOS bugs.

Apple rival Google has also been generous with its bug bounty program, offering a reward of up to $1.5 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In 2019, Google paid a total of $6.5 million in bug bounties, bringing the total to $21 million since the program was launched in 2010.

Aaron Mamiit
Former Digital Trends Contributor