#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

camera hack | Breaking Cybersecurity News | The Hacker News

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera

Apr 03, 2020
If you use an Apple iPhone or a MacBook, we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren , who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them. The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020). "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said. When chained together, three of the reported Safari
New Flaw Lets Rogue Android Apps Access Camera Without Permission

New Flaw Lets Rogue Android Apps Access Camera Without Permission

Nov 20, 2019
An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos — even when they don't have specific device permissions to do so. You must already know that the security model of the Android mobile operating system is primarily based on device permissions where each app needs to explicitly define which services, device capabilities, or user information it wants to access. However, researchers at Checkmarx discovered that a vulnerability, tracked as CVE-2019-2234 , in pre-installed camera apps on millions of devices could be leveraged by attackers to bypass such restrictions and access device camera and microphone without any permissions to do so. How Can Attackers Exploit the Camera App Vulnerability? The attack scenario involves a rogue app that only needs access to device storage (i.e., SD card), which is one of the mo
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Is Facebook Secretly Accessing Your iPhone's Camera? Some Users Claimed

Is Facebook Secretly Accessing Your iPhone's Camera? Some Users Claimed

Nov 12, 2019
It appears that Facebook at the center of yet another issue involving privacy. Reportedly, multiple iPhone users have come forward on social media complaining that the Facebook app secretly activates their smartphone's camera in the background while they scroll through their Facebook feeds or looking at the photos on the social network. As shown in the Twitter videos below, when users click on an image or video on the social media to full screen and then return it back to normal, an issue with the Facebook app for iOS slightly shifts the app to the right. It opens a space on the left from where users can see the iPhone's camera activated in the background. However, at this moment, it's not clear if it's just an UI bug where Facebook app incorrectly but only accesses the camera interface, or if it also records or uploads something, which, if proven right, would be the most disastrous moment in Facebook's history. Found a @facebook #security & #pri
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

Oct 31, 2018
Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," Apple explained in the guide [ PDF ]. The tech giant furt
Hard-coded Passwords Make Hacking Foscam ‘IP Cameras’ Much Easier

Hard-coded Passwords Make Hacking Foscam 'IP Cameras' Much Easier

Jun 08, 2017
Security researchers have discovered over a dozen of vulnerabilities in tens of thousands of web-connected cameras that can not be protected just by changing their default credentials. Vulnerabilities found in two models of IP cameras from China-based manufacturer Foscam allow attackers to take over the camera, view video feeds, and, in some cases, even gain access to other devices connected to a local network. Researchers at security firm F-Secure discovered 18 vulnerabilities in two camera models — one sold under the Foscam C2 and other under Opticam i5 HD brand — that are still unpatched despite the company was informed several months ago. In addition to the Foscam and Opticam brands, F-Secure also said the vulnerabilities were likely to exist in 14 other brands that use Foscam internals, including Chacon, 7links, Netis, Turbox, Thomson, Novodio, Nexxt, Ambientcam, Technaxx, Qcam, Ivue, Ebode and Sab. The flaws discovered in the IP cameras includes: Insecure default cr
Apple Patents Technology to remotely disable your iPhone Camera at Concerts

Apple Patents Technology to remotely disable your iPhone Camera at Concerts

Jul 01, 2016
Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent , granted on Tuesday by the United States Patents and Trademark Office, is highly technical. Apple's latest patent describes an iPhone or iPad camera receiving coded infrared signals beamed from emitters in public places would temporarily disable device camera functionality, preventing any photography or recording for as long as the signal is on. "An infrared emitter can be located in areas where picture or video capture is prohibited," reads the patent. "An electronic device can then receive the infrared signals, decode the data and temporarily disable the device's recording function based on the command." The technology patented by Apple could also be used to be
Web-based DropCam Surveillance Systems Vulnerable to Hackers

Web-based DropCam Surveillance Systems Vulnerable to Hackers

Jul 15, 2014
The popular home surveillance webcam service DropCam that keep an eye on your house when you aren't there, can be used as a weapon against you by the cybercriminals, claimed a pair of researchers. San Francisco-based DropCam, last month announced it would be acquired by Google's Nest for $555 million in cash, makes home-monitoring cameras for the past five years, which allow users to keep track of what's going on inside their homes using a small surveillance camera. Two researchers named Patrick Wardle and Colby Moore of Synack who discovered the weakness in the Wi-Fi enabled video monitoring system, which they will demonstrate at the DEFCON 22 Hacker Conference in Las Vegas next month. This WiFi-enabled security camera, that comes for $149 or $199, depending on video quality, requires little-to-no-effort to maintain. You plug it in, get it up on your WiFi, and all is set. If you want to check in on your cameras remotely, it cost you nothing, and if you want DropCam
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Mar 20, 2014
Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux . Darlloz , earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin. Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year. Linux . Darlloz worm exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate and is capable to infect devices those run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL. The latest variant of Linux . Darlloz equipped with an open source crypto currency mining tool called ' cpuminer ', could be use
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

Nov 30, 2013
A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate that has been patched as far back as May 2012. Linux worm, which has been dubbed Linux.Darlloz , poses a threat to devices such as home routers and set-top boxes, Security Cameras, and even industrial control systems. It is based on proof-of-concept code released in late October and it helps spread malware by exploiting a vulnerability in php-cgi . " Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. " the Symantec researchers explained. The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of system
Apple's new technology will allow government to control your iPhone remotely

Apple's new technology will allow government to control your iPhone remotely

Aug 29, 2013
Recently, The Social Media is buzzing over reports that Apple has invented a new technology that now can Switch off iPhone Camera and Wi-Fi, when entering a 'sensitive area'. Technology would broadcast a signal to automatically shut down Smartphone features, or even the entire phone. Yes ! It's true, On June 2008 - Apple filed a patent ( U.S. Patent No. 8,254,902 ) - titles " Apparatus and methods for enforcement of policies upon a wireless device " that defines the ability of U.S. Government to remotely disable certain functions of a device without user consent. All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence 'awkward citi
Activating mobile malware with Music and Light Sensors

Activating mobile malware with Music and Light Sensors

May 30, 2013
Researchers at the University of Alabama at Birmingham (UAB) presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration. In a research paper titled " Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices ", the researchers reported that they triggered malware hidden in mobile devices using music from 17 meters away in a crowded hallway. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices. Presenting their findings at a conference earlier this month, the researchers explained how sensors in ubiquitous mobile devices have opened the door to a new generation of mobile malware that unsuspecting users unwittingly downloaded onto their devices. Since the trigger needs to be relatively close to the smartphone to active any hidden malware, any threats would be limited to the local environment. " We showed that these sensory channe
Cybersecurity Resources