Hacker who could hijack iPhone cameras gets $75,000 reward from Apple

By admin, April 5, 2020 | Apple, Technology

Ethical (“white hat”) hackers use their skills in order to help organizations tighten their security systems, by discovering and reporting flaws.

One such hacker is Ryan Pickren, a former Amazon Web Services security engineer, who earned an impressive $75,000 reward for disclosing to Apple, through the Apple Security Bounty program, an iPhone camera vulnerability he had found.

We’ve learned from Forbes (via 9to5Mac) that in December of 2019, while looking into Safari for iOS, Pickren would “hammer the browser with obscure corner cases” until weird behavior was uncovered. He focused on the camera security model, which he admitted was “pretty intense,” and eventually found seven zero-day bugs, three of which could be used for the hack in question.

In order for the hack to work, the user would first need to be tricked into visiting a malicious website. As long as the user had previously trusted any video conferencing site, the malicious one could get direct access to the iPhone’s camera.

Pickren reported the exploits to Apple via its Security Bounty program, and everything was patched in January. “I really enjoyed working with the Apple product security team when reporting these issues,” Pickren told Variety.

Apple is one of many Silicon Valley companies that offer rewards to “white hat” hackers. Google also rewards anyone who can identify and mitigate vulnerabilities with Android’s Google Play.

Last year we also reported on an iOS 13 exploit that would allow hackers to see a user’s contacts even when their iPhone was locked. It was discovered and showcased by security researcher Jose Rodriguez, and was also eventually fixed. In that case, however, Rodriguez claimed he was only given a $1 Apple Store card, as Apple told him it was not allowed to reward “security reports during beta period.”
