Apple pays $75,000 to hacker for discovery of exploits to hijack iPhone camera

Apple awarded $75,000 to a hacker who discovered exploits that allowed him to hijack the cameras of iPhones and Macs.

Security researcher and former Amazon Web Services security engineer Ryan Pickren disclosed at least seven zero-day vulnerabilities in Safari to Apple, according to Forbes. Three of these vulnerabilities may be used to hijack the cameras of iOS and macOS devices.

The exploit required victims to visit a malicious website, which could then access their device’s camera if it had previously trusted a video conferencing service such as Zoom.

“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren told Forbes, “regardless of operating system or manufacturer.”

Pickren informed Apple about his discovery in mid-December 2019. Apple validated all seven vulnerabilities, and after a few weeks, released a fix for the iOS and macOS camera exploit. The security researcher was then paid $75,000, which Pickren said was his first earnings from the company.

Security researcher Sean Wright told Forbes that the exploit that Pickren discovered, even if it required the victim to visit a malicious website, was “a very viable form of attack.” Wright added that compared with the attention on webcams in computers, there has not been much focus on the cameras and microphones of mobile phones, which he said is “a far more likely route” for attackers if they want to eavesdrop on their targets.

Bug bounties

Bug bounty programs provide incentives to security researchers to help tech companies find vulnerabilities in their software, instead of the exploits falling into the hands of malicious hackers.

Apple, which launched a bug bounty program in 2016, made changes in August 2019 that included the addition of a $1 million reward for hackers who could launch a “zero-click full chain kernel execution attack with persistence.” In December 2019, the program was finally expanded to accept submissions for macOS bugs.

Apple rival Google has also been generous with its bug bounty program, offering a reward of up to $1.5 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In 2019, Google paid a total of $6.5 million in bug bounties, bringing the total to $21 million since the program was launched in 2010.

Aaron Mamiit