Apple pays $75,000 to hacker for discovery of exploits to hijack iPhone camera

Apple awarded $75,000 to a hacker who discovered exploits that allowed him to hijack the cameras of iPhones and Macs.

Security researcher and former Amazon Web Services security engineer Ryan Pickren disclosed at least seven zero-day vulnerabilities in Safari to Apple, according to Forbes. Three of these vulnerabilities could be used to hijack the cameras of iOS and macOS devices.

The exploit required victims to visit a malicious website, which could then access their device’s camera if it had previously trusted a video conferencing service such as Zoom.

“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren told Forbes, “regardless of operating system or manufacturer.”

Pickren informed Apple about his discovery in mid-December 2019. Apple validated all seven vulnerabilities, and after a few weeks, released a fix for the iOS and macOS camera exploit. The security researcher was then paid $75,000, which Pickren said was his first earnings from the company.

Security researcher Sean Wright told Forbes that the exploit that Pickren discovered, even if it required the victim to visit a malicious website, was “a very viable form of attack.” Wright added that compared with the attention on webcams in computers, there has not been much focus on the cameras and microphones of mobile phones, which he said is “a far more likely route” for attackers if they want to eavesdrop on their targets.

Bug bounties

Bug bounty programs provide incentives to security researchers to help tech companies find vulnerabilities in their software, instead of the exploits falling into the hands of malicious hackers.

Apple, which launched a bug bounty program in 2016, made changes in August 2019 that included the addition of a $1 million reward for hackers who could launch a “zero-click full chain kernel execution attack with persistence.” In December 2019, the program was finally expanded to accept submissions for macOS bugs.

Apple rival Google has also been generous with its bug bounty program, offering a reward of up to $1.5 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In 2019, Google paid a total of $6.5 million in bug bounties, bringing its payouts to $21 million since the program was launched in 2010.

Aaron Mamiit