Categories: News

Apple users, attackers could be using this Safari hack to access your webcam

You know how Apple users are always talking about the supposedly better security that the ecosystem offers? Whether that is a factual statement or not, Apple’s reputation for security has been arguably well-earned over the years. However, a security researcher has now shared his discovery of a vulnerability on the Safari browser that allows attackers to take control of your Apple device’s camera.

According to Ryan Pickren, the issue affects Desktop Safari for Mac computers, as well as Mobile Safari on iPhones and iPads. All that’s needed is for victims to click a malicious link to give attackers access to front and rear cameras (or just the front on a Mac), microphones, screensharing, and potentially other private information like plaintext passwords.

How does this work?

SOURCE

Basically, the hack works by duping the Safari browser into believing that a malicious website is a trusted one. Normally, the camera apps on iOS and macOS require specific permissions—the ones you usually see in pop-up alerts when using an app for the first time. However, Pickren discovered vulnerabilities in Safari that allows some of Apple’s apps to access the camera without any permission prompts.

“My research uncovered seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were used in the kill chain to access the camera.”

What’s even more worrying is that “new web technologies” also mean that certain websites can access your camera—all you need to do is to click on, say, a banner ad.

“If the user chooses a suitable browser which they know can trust, then all WebRTC communication can be considered ‘secure’ […] In other words, the level of trust provided to the user by WebRTC is directly influenced by the user’s trust in the browser.” 

When dealing with site permissions, users often save their preferences in the Safari browser. These permissions often cover microphone and camera access (among others), and attackers take advantage of this by creating websites that appears to Safari as a “trusted website”. This then grants the site the same permissions that you might have earlier granted to a video conferencing app like Skype or Zoom.

SOURCE

Attackers could theoretically use websites, ad banners, or even browser extensions to take advantage of the vulnerability, and the issue is basically how Safari handles URLs and recognises “secure” sources. Essentially, the attack works by disguising a malicious site as a trusted source. Here’s how it works, in technical terms:

  • Open evil HTTP website
  • HTTP website becomes a data: URI
  • data: URI becomes a blob: URI (with magic blank origin)
  • Manipulate window.history (in 2 parts!)
  • Create an # iframe and document.write to it
  • Dynamically give this iframe the sandbox attribute
  • Attempt an impossible frame navigation using X-Frame-Options
  • From within the iframe, window.open a new popup and document.write to it
  • Profit

Pickren reported the bug to Apple’s Security Bounty Program, and received USD75,000 (~RM319,050) for his efforts. Wired reports that the vulnerabilities have already been patched in the latest January and March updates, so be sure to keep your Safari and iOS/macOS versions updated. As always, you should always only click links from sources that you trust, and always be aware of the permissions that you are granting—especially if you’re visiting new, unknown websites.

[ SOURCE , 2 ]

Recent Posts

Australia is making social media illegal for children under 16, should Malaysia follow suit?

Australia is proposing to implement a law that will ban children under the age of…

15 hours ago

Setel to charge 1% fee for credit card top-ups starting 5th December

Setel, the petrol and EV charging payment app from Petronas, will soon introduce a 1%…

16 hours ago

The secret to cleaning floors every day without exhaustion – Samsung BESPOKE Jet Bot Combo Steam

This post is brought to you by Samsung. In today’s fast-paced world, finding time for…

17 hours ago

Have multiple tech items in your cart waiting for the right price? Shopee 11.11 Electronics Zone Sale brings the right prices

This post is brought to you by Shopee. If you’re looking for an electronics marketplace…

17 hours ago

BYD Sealion 7 to launch in Malaysia on 14 November

BYD Sealion 7 will be launched in Malaysia on 14 November, according to Sime Darby…

20 hours ago

You can now get MG4 for under RM96,000 in Malaysia

Aside from the MG ZS EV, SAIC Motor Malaysia has also announced rebates for selected…

23 hours ago

This website uses cookies.