Apple paid $75,000 to hacker for hijacking iPhone camera via Safari as part of its bug bounty program

Hemani Sheth Mumbai | Updated on April 04, 2020 Published on April 04, 2020

Apple paid ethical hacker Ryan Pickren $75,000 for finding vulnerabilities in Apple’s Safari browser that allowed an attacker to hack the user’s camera, according to media reports.

Pickren discovered seven zero-day vulnerabilities in Apple Safari, three of which enabled him to form an attack chain and successfully hijack the iPhone camera, Forbes reported.

Apple had upped its bug bounty program back in 2019, increasing the amount to $1.5 million for the most serious of iPhone hacks. Pickren, a former security engineer at Amazon Web Services (AWS), had set out to find vulnerabilities in the system as part of the bug bounty program.

He delved into the Apple Safari browser for iOS and macOS to "hammer the browser with obscure corner cases" in order to uncover unusual behaviour. He discovered seven vulnerabilities and used three of them to hack into the system’s camera security model.

Pickren focused on hacking into the camera by prompting the user to log into a malicious website on Safari. The website would then enable him to hack into the user’s camera under the guise of trusted video conferencing websites which had earlier gained access to the phone’s camera, according to the Forbes report.

He then compiled his research and reported it to Apple in mid-December 2019, working with Apple’s security team to patch the vulnerabilities.

Apple fixed three of the flaws in its January 28 Safari 13.0.5 update, and the remaining four vulnerabilities were patched in Safari 13.1, released on March 24.
