Apple pays $75,000 to hacker for discovery of exploits to hijack iPhone camera

Apple awarded $75,000 to a hacker who discovered exploits that allowed him to hijack the cameras of iPhones and Macs.

Security researcher and former Amazon Web Services security engineer Ryan Pickren disclosed at least seven zero-day vulnerabilities in Safari to Apple, according to Forbes. Three of these vulnerabilities may be used to hijack the cameras of iOS and macOS devices.

The exploit required victims to visit a malicious website, which could then access their device’s camera if it had previously trusted a video conferencing service such as Zoom.

“A bug like this shows why users should never feel totally confident that their camera is secure,” Pickren told Forbes, “regardless of operating system or manufacturer.”

Pickren informed Apple about his discovery in mid-December 2019. Apple validated all seven vulnerabilities and, a few weeks later, released a fix for the iOS and macOS camera exploit. The security researcher was then paid $75,000, which Pickren said was his first payout from the company.

Security researcher Sean Wright told Forbes that the exploit that Pickren discovered, even if it required the victim to visit a malicious website, was “a very viable form of attack.” Wright added that compared with the attention on webcams in computers, there has not been much focus on the cameras and microphones of mobile phones, which he said are “a far more likely route” for attackers if they want to eavesdrop on their targets.

Bug bounties

Bug bounty programs provide incentives to security researchers to help tech companies find vulnerabilities in their software, instead of the exploits falling into the hands of malicious hackers.

Apple, which launched a bug bounty program in 2016, made changes in August 2019 that included the addition of a $1 million reward for hackers who could launch a “zero-click full chain kernel execution attack with persistence.” In December 2019, the program was finally expanded to accept submissions for macOS bugs.

Apple rival Google has also been generous with its bug bounty program, offering a reward of up to $1.5 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In 2019, Google paid a total of $6.5 million in bug bounties, bringing the total to $21 million since the program was launched in 2010.

Aaron Mamiit