






A Hacker Found a Way To Take Over Any Apple Webcam (wired.com)
An anonymous reader quotes a report from Wired: Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target's webcam and microphone on iOS and macOS devices. Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.
The bugs Pickren found all stem from seemingly minor oversights. For example, he discovered that Safari's list of the permissions a user has granted to websites treated all sorts of URL variations as being part of the same site, like https://www.example.com, http://example.com and fake://example.com. By "wiggling around," as Pickren puts it, he was able to generate specially crafted URLs that could work with scripts embedded in a malicious site to launch the bait-and-switch that would trick Safari. A hacker who tricked a victim into clicking their malicious link would be able to quietly launch the target's webcam and microphone to capture video, take photos, or record audio. And the attack would work on iPhones, iPads, and Macs alike. None of the flaws are in Apple's microphone and webcam protections themselves, or even in Safari's defenses that keep malicious sites from accessing the sensors. Instead, the attack surmounts all of these barriers just by generating a convincing disguise.
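The permission-list oversight described in the report, as a simplified model: this is an added example, not Safari's code and not part of the Wired report or the post. `looseKey`, `strictKey`, `PermissionStore` and the sample URLs are constructed for illustration. It contrasts a lookup keyed on hostname alone with one keyed on the exact https origin.

```javascript
// Added example: a simplified model of a per-site permission list.
// Not Safari's code; all names and sample URLs are constructed.

// Loose key: hostname only, leading "www." dropped. Scheme and port are
// ignored, which is the class of mistake the article describes.
function looseKey(raw) {
  return new URL(raw).hostname.replace(/^www\./, "");
}

// Strict key: the exact origin (scheme + host + port), https only.
// Anything unparseable or non-https gets no key and can never match.
function strictKey(raw) {
  let u;
  try { u = new URL(raw); } catch { return null; }
  return u.protocol === "https:" ? u.origin : null;
}

class PermissionStore {
  constructor(keyFn) { this.keyFn = keyFn; this.grants = new Map(); }
  grant(url, perm) {
    const key = this.keyFn(url);
    if (key === null) throw new Error(`refusing to grant ${perm} to ${url}`);
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    this.grants.get(key).add(perm);
  }
  isAllowed(url, perm) {
    const key = this.keyFn(url);
    return key !== null && (this.grants.get(key)?.has(perm) ?? false);
  }
}

// Constructed sample URLs: the three forms from the article plus two more.
const SAMPLE_URLS = [
  "https://www.example.com", "http://example.com", "fake://example.com",
  "https://example.com:8443/", "https://example.com.other.test/",
];

// Grant camera to one https site, then list every sample URL that inherits it.
function inheritsCameraGrant(keyFn) {
  const store = new PermissionStore(keyFn);
  store.grant("https://www.example.com", "camera");
  return SAMPLE_URLS.filter((u) => store.isAllowed(u, "camera"));
}

console.log("loose :", inheritsCameraGrant(looseKey));
console.log("strict:", inheritsCameraGrant(strictKey));
```

With the loose key, four of the five sample URLs inherit the camera grant, including the made-up `fake:` scheme; with the strict key only the exact origin that was granted matches.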
Re: (Score:2)
This is for when the camera is not mechanically disabled. Plus, since the bypass is masquerading as an app, the camera light would still be on. (Assuming on that one.)
Re: (Score:2)
The camera light being on depends on the camera being wired directly to the display signal. I believe this is quite rare: it is _desirable_ to separate them, precisely for law enforcement or someone testing the laptop or phone to enable the camera without informing the user. It does sound like something to verify in the circuitry, rather than merely ask Apple. Does anyone have any Apple laptops or phones to sacrifice and trace circuitry with?
Re: (Score:2)
I haven't followed the latest hardware, but in the past, the camera-on LED was controlled locally by the camera firmware. There *were* attacks (which required local code execution, and possibly root perms) which would allow you to override the LED, but I haven't kept up on the cat/mouse around that.
Bananas help (Score:5, Insightful)
They all have a little sticker you can put over the camera.
Re: (Score:3)
They all have a little sticker you can put over the camera.
The article also mentions remote control of the microphone. Which fruit do you recommend to solve that issue?
Re: (Score:1)
"The article also mentions remote control of the microphone. Which fruit do you recommend to solve that issue?"
Take an old headphone, put it in the microphone jack and cut the cable.
Re:Bananas help (Score:4, Insightful)
"The article also mentions remote control of the microphone. Which fruit do you recommend to solve that issue?"
Take an old headphone, put it in the microphone jack and cut the cable.
What jack are you talking about?
Ok, so? (Score:2)
If you want to watch a fat 50-something sitting in his underwear at the computer, I guess that's your fetish.
Re: (Score:2)
What? You mean the person pretending to be 'Monique' aged 15 from Duluth?
Apple (Score:1)
Re: (Score:3)
... For Everyone!
Re:Apple (Score:5, Funny)
::single vulnerability in chrome that allows recording cam/video::
"Bad vulnerability! Everyone better update :-)" ::successfully exploit 3 vulnerabilities in succession to access cam/video::
"NiCe JoB StOoPiD ApPlE! Ur DuMb FaNbOyZ wIlL NeVeR LeArN!!!"
what a clickbait headline (Score:4, Interesting)
Seriously. What a clickbait.
"Hacker can exploit all apple devices!" ... well, actually it's been patched for weeks. And it only affects Safari.
I mean yeah, it's something to write about, but did I miss /. being sold to Fox News or something?
Re: what a clickbait headline (Score:1)
Clickbait post with false claim of clickbait (Score:4, Insightful)
Re: (Score:2)
Your post claiming this article is clickbait is what's actually the clickbait here.
You apparently don't understand what the "click" in "clickbait" means.
The point of reporting it now is to bring attention to security lapses in a piece of software,
That's fine. I even explicitly said it should be reported - just not with an "omg we're all going to die!" headline.
Re: (Score:3)
Re: (Score:2)
Avoidance of argument.
Yes, click means to click. So how do you turn that around to apply to my comment - which doesn't require or invite a click?
And yes, the headline is bait. "any apple webcam" ...as long as you're browsing the Internet ...using Safari ...on a machine not patched for a while
That's like saying: "enemy forces have occupied the USA!!!11oneeleven" ...well, US territory ...outside the mainland ...ok, it was an abandoned military base
Re: (Score:2)
Re: (Score:2)
It may be that my brain cells are still working properly, but I have acute difficulty following your chain of reason, or whatever there is that has a resemblance to one.
I called the headline "clickbait".
You claimed that my comment doing so is "clickbait".
I pointed out that there is nothing to click that I could be baiting anyone into.
You mention something about hrefs that has at best once met someone who is the third cousin of a distant relative of someone who in a former life had seen someone speaking abou
Re: (Score:1)
Still a security problem as presented? Then the world should find out about it.
Get the problems fixed.
Re: (Score:2)
> well, actually it's been patched for weeks
Do you only know people on the upgrade treadmill? I know plenty of soccer moms with iPhone 4S, 5, etc. who feel no need to upgrade and rather favor a smaller phone.
Apple has (Score:2)
Re: (Score:2)
Apple's fault on those appeared to be not taking things like "I'm so hot!" as passwords . . .
Re: (Score:3)
Yeah, it was Apple's fault for not requiring 1024 character long passwords that must include Roman, Cyrillic and Greek letters, at least four emojis, one squiggle and a paw print. And changed every 10 seconds.
It was revealed "The Fappening" was a case of reused, guessed or phished passwords - there was no hack of Apple itself. Just celebrities who were a little careless.
Not a hack, a feature! (Score:2)
Re: (Score:2)
When I was a little kid back in the age of oil lamps and steam trains, we had a local morning show for children - "JP Patches" - featuring a clown who lived at the city dump. He had a magical television called "ICU2 TV" through which he could see the kids who'd had birthdays during that week and wish each of them "happy birthday" by name. ... all of which matters to absolutely no one here, but your post brought back that memory.
Re: (Score:2)
I LOVED JP PATCHES! And Gertrude! You must be from Seattle, too!
Remember, Patches Kids had to mind mommy and daddy, wash, clean up your toys, say your prayers, eat your food... There were others I don't remember, but I used to love watching JP Patches. Channel 7, KIRO, right?
Re: (Score:2)
Haha I wondered if you were from the local Lynnwood... there are a lot of them in various places.
Yeah, KIRO. I (more or less) grew up in the Tacoma area - dad was in the army, so he'd get deployed and we'd follow along when it was allowed. But this was their home base, though, and it's where I still live.
Also, Ketchikan the Animal Man!
Re: (Score:2)
Re: (Score:2)
Oh, man. When I was a teenager, I had a couple different part time jobs which were down on the Tacoma Tideflats. That nasty aroma was no joke!
Fortunately I lived quite a bit east of all that... but it was something to "look forward to" when I had to go to work.
Re: (Score:2)
Out towards Puyallup?
I also loved Almost Live!, that was always better than SNL... Jon Jon Jon Jon Jon Jon Jon Jon Jon Jon Jon Jon Keeeisterrrrrrrr. And the Lame List!
Re: (Score:2)
Mind Your Manners, with Billy Quan. “Be like Billy... behave yourself!”
I was somewhat south of Puyallup in various parts of unincorporated Pierce County - around Fort Lewis, Summit, Spanaway (I think Spanaway is an actual town now, but it wasn’t an “official” place back then). I went to Cow Pie High (Bethel HS) - which is now in the middle of suburban sprawl, but back then was mostly surrounded by farmland.
You must’ve gone to Ballard High? Or was Seattle still bussing ki
Re: (Score:2)
Re: (Score:2)
Haha, I bet there are, at best, a half-dozen Slashdotters who would get that “Ballard Driving School” reference.
BTW I don’t know if you’ve seen Ballard in the last 10-20 years. If not, you absolutely would not recognize it nowadays. Old Ballard is pretty much gone.
Re: (Score:2)
Re: (Score:2)
I went to college at Seattle Pacific - my wife and my first apartment was on Queen Anne. We ate at the Ballard Denny's a number of times; although more often we'd go to a different diner there on 15th - Jason's, maybe? And we used to love to go to Totem House, get some greasy fish and chips, and walk over to the Ballard Locks to watch the boats on sunny summer days.
Actually Totem House is still there, or at least was last time I was in the area... But Hiram's at the Locks is now a conference center.
Re: (Score:2)
Re: (Score:2)
I was class of '82 - a handful of years before they got their accreditation in EE. I did a dual major in Physics and Engineering Science.. But yeah, I pretty much lived in the Slick - I think it was pretty new (so to speak - new to SPU anyway) when I was there.
Haha, that is incredible!
Re: (Score:2)
Re: (Score:2)
If I remember correctly, Nutley and Hughson taught the main engineering courses. Eric Nutley (the prof’s son) was actually in my class. He had an older brother (Dan?) who I saw occasionally as well, but he was a couple years ahead.
Nutley was also the instructor for FORTRAN - although by the end of the quarter I’m pretty sure I knew it better than he did. :-P He was a great guy.
On the physics side there was Anderson and Crichton. Both of them were older, so they might’ve retired by the time
Re: (Score:2)
Re: (Score:2)
Krienke... I'm actually surprised he was still teaching. I think he was talking about retiring when I was there - must've gotten a second wind.
Anyway, it was fun talking to you! We now return to our regularly scheduled program...
Was it visible? (Score:1)
I'm curious to know, at least on macs, did the camera light turn on? Or was that bypassed somehow. There is no corresponding microphone light, so that's a problem.
On iOS devices there also is no visual indicator for camera and mic, so that is also a problem. Or did the devices show a pop up before activating the camera and/or mic. The article doesn't say, so I'm assuming there was no indication.
Re: (Score:1)
"Apple has a well-earned reputation for security" (Score:1)
"Apple has a well-earned reputation for security"
Opening with a joke, I see...