Apple pays $75,000 to hacker for discovery of exploits to hijack iPhone camera

Apple awarded $75,000 to a hacker who discovered exploits that allowed him to hijack the cameras of iPhones and Macs.

Security researcher and former Amazon Web Services security engineer Ryan Pickren disclosed at least seven zero-day vulnerabilities in Safari to Apple, according to Forbes. Three of these vulnerabilities may be used to hijack the cameras of iOS and macOS devices.

The exploit required victims to visit a malicious website, which could then access their device’s camera if the device had previously trusted a video conferencing service such as Zoom.

“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren told Forbes, “regardless of operating system or manufacturer.”

Pickren informed Apple about his discovery in mid-December 2019. Apple validated all seven vulnerabilities and, after a few weeks, released a fix for the iOS and macOS camera exploit. The security researcher was then paid $75,000, which Pickren said was his first payout from the company.

Security researcher Sean Wright told Forbes that the exploit that Pickren discovered, even if it required the victim to visit a malicious website, was “a very viable form of attack.” Wright added that compared with the attention on webcams in computers, there has not been much focus on the cameras and microphones of mobile phones, which he said is “a far more likely route” for attackers if they want to eavesdrop on their targets.

Bug bounties

Bug bounty programs provide incentives to security researchers to help tech companies find vulnerabilities in their software, instead of the exploits falling into the hands of malicious hackers.

Apple, which launched a bug bounty program in 2016, made changes in August 2019 that included the addition of a $1 million reward for hackers who could launch a “zero-click full chain kernel execution attack with persistence.” In December 2019, the program was finally expanded to accept submissions for macOS bugs.

Apple rival Google has also been generous with its bug bounty program, offering a reward of up to $1.5 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In 2019, Google paid a total of $6.5 million in bug bounties, bringing the total to $21 million since the program was launched in 2010.

Aaron Mamiit