Apple Pays $100,000 Bounty to Student Who Successfully Hijacks a Mac’s Camera


A cyber security student successfully managed to hack a Mac’s camera, and for his efforts, he was awarded $100,000 in bounty from Apple. Want to know how he did it? Then read on.

Student Says the Bounty Was the Highest Amount Apple Has Ever Paid so Far

Ryan Pickren is a Ph.D. student in cyber security at the Georgia Institute of Technology. Previously, in 2019, he found some vulnerabilities that he successfully exploited, which enabled him to switch on an iPhone camera and its microphones without requiring the user to activate privacy permissions. For his efforts, he was paid a bug bounty of $75,000 from Apple.

Since then, he has moved on to the Mac’s camera, and he explains below how he achieved the feat.

“My hack successfully gained unauthorized camera access by exploiting a series of issues with iCloud Sharing and Safari 15. While this bug does require the victim to click “open” on a popup from my website, it results in more than just multimedia permission hijacking. This time, the bug gives the attacker full access to every website ever visited by the victim. That means in addition to turning on your camera, my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too.”

Hacking the Mac’s camera involved finding a vulnerability in an iCloud sharing app called ShareBear. If you accept an invitation to share a document with another person, your Mac will remember that permission has been granted and will not ask again if you re-open the document at a later time. Since the file is not stored on your local storage, the owner can change it after you have accessed it.

That same file’s type can also be changed, turning it into an executable and allowing malicious individuals to gain access to someone’s computer. Pickren used this idea to turn a Pages document or image into malware, and since your Mac will not ask for permission again, it will happily open it, thereby granting access. In addition to hacking the Mac’s camera, Pickren also obtained access to the machine’s microphone.
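The trust problem described above, as a simplified model added here (it is not Apple's code and not taken from Pickren's write-up): approval remembered per shared item is contrasted with approval bound to the file's type and content digest. The class names, the share identifier and the file contents are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical model of the behaviour the article describes; all names and
# sample values are constructed for illustration.
EXECUTABLE_TYPES = {"application", "executable", "script"}

@dataclass
class SharedFile:
    share_id: str     # stable identifier of the shared item
    file_type: str    # type as currently served by the owner
    content: bytes    # bytes as currently served by the owner

def fingerprint(f):
    return f.file_type + ":" + hashlib.sha256(f.content).hexdigest()

class ApproveOnceOpener:
    """Weak model: consent is remembered per share_id only."""
    def __init__(self):
        self.approved = set()
    def open(self, f, user_accepts):
        if f.share_id in self.approved:
            return "opened-without-prompt"   # never re-checks what is opened
        if user_accepts:
            self.approved.add(f.share_id)
            return "opened-after-prompt"
        return "blocked"

class PinnedOpener:
    """Hardened model: consent is bound to the type and content digest."""
    def __init__(self):
        self.approved = {}
    def open(self, f, user_accepts):
        if self.approved.get(f.share_id) == fingerprint(f):
            return "opened-without-prompt"   # exactly what the user approved
        if f.file_type in EXECUTABLE_TYPES:
            return "blocked"                 # never auto-launch shared executables
        if user_accepts:
            self.approved[f.share_id] = fingerprint(f)
            return "opened-after-prompt"
        return "blocked"

def replay(opener):
    first = SharedFile("share-001", "document", b"quarterly notes")
    edited = SharedFile("share-001", "document", b"changed by owner")
    swapped = SharedFile("share-001", "executable", b"replaced by owner")
    return [opener.open(first, True), opener.open(edited, False),
            opener.open(swapped, True)]
```

In the weak model every later open of `share-001` succeeds without a prompt, whatever the owner has since put behind it; in the pinned model a change of content forces a new decision and a change to an executable type is refused outright.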

Unfortunately, since Apple’s green LED lights up whenever this happens, even under normal circumstances, a curious user on the other end can quickly figure out what is going on and take appropriate measures. Pickren submitted these bugs to Apple in mid-July last year, and since then, the company has patched this vulnerability. For these findings, the technology giant awarded him a $100,500 bounty, which Pickren claims is the highest sum ever paid by the company through its security program.

News Source: Ryan Pickren
