They’re watch­ing you

Are your apps film­ing you? Google re­searcher spots se­cu­rity hole.


GOOGLE EN­GI­NEER FELIX Krause has de­tailed a vul­ner­a­bil­ity in iOS that means any app with per­mis­sion to use the cam­era on your iPhone or iPad can se­cretly film you or take pictures of you — whether you are aware of it or not.

The prob­lem stems from the fact that once you give an app per­mis­sion to ac­cess your cam­era, it can do so at any time pro­vided that it’s in the fore­ground… and Krause has

cre­ated a demo so­cial net­work­ing app called watch.user, which does ex­actly that, to show how the po­ten­tial ex­ploit works. Talk­ing about the is­sue on his web­site at, Krause says: “iOS users of­ten grant cam­era ac­cess to an app soon after they down­load it (e.g., to add an avatar or send a photo). These apps, like a mes­sag­ing app or any news­feed­based app, can eas­ily track the user’s face, take pictures, or live stream the front and back cam­era, without the user’s con­sent.” There is also an is­sue with fa­cial recog­ni­tion tech­nol­ogy, says Krause. “Us­ing the new built-in iOS 11 Vi­sion frame­work, ev­ery de­vel­oper can very eas­ily parse fa­cial fea­tures in real time, like the eyes, mouth and the face frame.” Al­though Ap­ple is pretty good at polic­ing the apps posted on the App Store, its checks and bal­ances aren’t flaw­less — as it dis­cov­ered last April with the Uber app, which se­cretly tracked users even after they’d fin­ished us­ing the ride-sharing ser­vice. Krause says the best way to pro­tect your­self from rogue apps that may try to take ad­van­tage of your iPhone or iPad’s cam­era in this way is to re­voke per­mis­sion for all apps, to use only the built-in Cam­era app, and to use the im­age picker in an app rather than giv­ing it blan­ket ac­cess to ei­ther the contents of your Pho­tos li­brary or your cam­era roll.

The other way, of course, is to cover the cam­era on your de­vice when you’re not ex­pressly us­ing it by buy­ing a cam­era cover, or plac­ing a piece of in­su­la­tion tape or even a sticky note over it. It’s in­el­e­gant, but it might just pro­tect your pri­vacy.

Krause has re­ported the is­sue to Ap­ple and says there are sev­eral easy fixes - which in­clude: forc­ing an app to dis­play an icon when the cam­era is ac­tive; al­low­ing cam­era ac­cess only tem­po­rar­ily; and adding an LED in­di­ca­tor light to the front and back cam­eras on iOS de­vices that light up when the cam­era is in use. Ap­ple could pre­vent apps from by­pass­ing this tell-tale in­di­ca­tor by sand­box­ing apps the way macOS does.

Krause’s app shows the ex­ploit in ac­tion.

Face recog­ni­tion? Great, but any app can parse your fa­cial fea­tures.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.