A hacker found seven zero-day vulnerabilities in Apple Safari and chained three of the seven into a single attack. The result was a flaw that successfully hijacks the iPhone camera, and the camera on any iOS or macOS device.
Security researchers and ethical hackers put their effort and talent into breaking products and services so that they can be secured. Apple announced a top bug bounty of $1.5 million for the most severe iPhone flaws. Ryan Pickren shared a BugPoC (Bug Proof of Concept) disclosing his discovery of seven zero-day vulnerabilities, which allowed him to hijack the iPhone camera and earned him $75,000 from Apple for his efforts. It was part of the Apple bug bounty program.
Who is Ryan Pickren?
Ryan Pickren is a former Amazon Web Services (AWS) security engineer. As a student, he was arrested for a prank on the unsecured University of Georgia with the message “Get Ass Kicked by GBT,” which referred to the upcoming college football game. He was jailed for a couple of hours on Christmas Eve and then did a year of voluntary cybersecurity work, which gave his career a boost. Ryan said during an email conversation that he also earned over $300,000 (£242,500) from the United Airlines Bug Bounty Program over the summer. He proved his hacking skills in software and hardware by building a physical Amazon IoT button with which anyone can buy a drink at Starbucks in one click. This involved bypassing certificate pinning, monitoring app traffic, spoofing API calls, writing a Python library, and creating an AWS function that sent him a text message confirming the order. His approach to matters of security.
How did this hacker gain unauthorised access to the iPhone camera?
In December 2019, Ryan decided to put to the test the concept that “bug hunting is all about finding assumptions in software and violating those assumptions to see what happens.” He opted to investigate Apple Safari for iOS and macOS. Along the way, he found some weird behaviour that was not covered.
Ryan focused on the camera security model and understood that Apple has made the camera very secure. He saw that every app that wants access to the camera or microphone needs permission, which is handled by an OS alert box. He then turned to Apple’s own apps, which led him to the Mobile Safari app, to see how he could gain unauthorised access to the camera and microphone.
Ryan found seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787). Three of the seven can be used in the camera hack. These vulnerabilities involved the way that Safari parsed Uniform Resource Identifiers (URIs), managed web origins and initialised secure contexts. The attack required the user to visit a malicious website. That website could then directly access the camera, provided the user had previously trusted a video conferencing site such as Zoom.
“A bug shows why users should never feel confident that their camera is secure,” Ryan said, “regardless of operating system or manufacturer.”
What happened next?
In mid-December 2019, Ryan reported his research via the Apple Bounty Program. “My research uncovered seven bugs,” Ryan says, “but only 3 of them were ultimately used to access the camera/microphone.” Apple immediately fixed all seven bugs, including the three-bug camera kill chain. The fix for the three zero-day camera kill chain exploit was distributed in the Safari 13.0.5 update released January 28. The remaining zero-day vulnerabilities were less severe and were patched in the Safari 13.1 release on March 24.
Ryan was paid $75,000 by Apple as his first bounty, which is a good start. He said, “I enjoyed working with the Apple product security team when reporting these issues.”
Ryan also said, “The new bounty program is going to help secure products and protect customers. I’m excited that Apple embraced the help of the security research community.”
A very viable form of attack
Sean Wright, a security researcher, said that “while everyone has been paying attention to their webcams on PCs and laptops, a few have been paying attention to their webcams as well as microphones on their mobiles.” Which, when you stop to think about it, is bizarre as it’s a far more likely route an attacker will take to eavesdrop on victims. “People are a lot more likely to have their mobile on them for most of the time,” Wright says, “especially perhaps when discussing sensitive matters.” And while the need to socially engineer a user into visiting a malicious site does, admittedly, add some complexity to the threat, Wright concludes, “it is certainly a very viable form of attack.”