Can iPhones cameras be hacked?

I'd say they're all relevant but then again I try to set aside my bias and actually gather information that may challenge preconceived notions. This will never get anywhere because no matter how much evidence is put in front of you you'll try to deny it or find some reason why it's simply not good enough without ever really contributing anything to support your claims other than other anonymous users of the internet who have spent a little too much time on this help forum.

Fact is the phones can be hacked..if you've seen what I have and what thousands of others report to have experienced maybe you'd consider that. Why else would there be such a focus on security if it wasn't an issue. "Nothing to see here...move along" much?

Those articles don't talk about the FBI paying for the San Bernardino shooter's passcode like you're assuming without reading them it seems..they're refering mostly to the CIA's stockpile of iOS exploits that have been widely published across the internet with the many thousands of pages of documens dumped by wikileaks earlier this year. They were and probably still are all over the internet. Many thousnands of very authentic looking documents and exploits that many journalistics and people with actual credentials have concluded to be legitimate. Now I know that the CIA is tinfoil hat speak..but any rational person would admit that loosing control of the source code for those programs would enable hackers to weaponize them for their own broader purposes. Even ethrecheck (malware/trojan it seems--don't download--not in app store for a reason ppl) guy said that opensource malware was released a year or so ago (this was before wikileaks dump btw) and that the "mac malware has gotten out of control".

Refusing to accept reality doesn't make it any less...please go read through the 1,274 and counting CVE issued Apple and MITRE Corp. that are iOS specific. Again that number is 1,274. That's One Thousand Two Hunder and Seventy Four if that's any clearer.

Many of them are affecting the kernel and other low level functions... Denying reality isn't going to convince anyone and I personally believe, in the long run, that attitude will be prove to be a major challenge for Apple who has been blessed by the false premise that their devices are inherently secure as more and more people realize this simply wasn't or isn't true any longer. I talk to a lot of people about this and have for a while..for the most part people seem to be adjusting their opinion on this topic. Plenty of evidence exists and one would have to have some legitimate credentials to convice anyone that they're experienced in the topic to be trusted as an unbiased resource. Those who have such countless points on this anonymous internet forum we're using make me wonder what their motivation for spending such a large quantity of their finite existance advising those who can't be bothered to call Apple Care about their issue.

I know what I've seen and not being in denial is simply the first of the 5 stages of grief. I'm truly sorry for your loss. Today is September 12, 2017 as a reminder for those whose watch need winding or ntpdate has been corrupted.

Yes. The camera on an iPhone is attached to the internet through wifi, cellular, near field connect, bluetooth and has been exploited through any number of protocols.

I personally have seen my camera operating in the background of my lock screen and I hadn't been using my camera anytime recently.

How common is it? Less common than the common cold and more common than some users here would like to believe. Unfortunately Apple is no longer untouchable and open source malware has been released for macOS--the OS for all Apple devices now--and cyber criminals are likely impoverished or not well and their time is essentially worthless making the hurdle of getting into your device surprisingly easy to get over.

Please review Apple iOS Security white paper if you're curious about the security features of your phone. https://www.apple.com/business/docs/iOS_Security_Guide.pdf

What's important to keep in mind is that the any network is just that, a network to transmit data through linked devices. How often do we hear of people say "there's nothing to see here" when there most certainly is..

Your safest option is a pen and paper, a Polaroid, and a VCR, but that's uh unpleasant..otherwise consider everything you say, do, see etc. is at some risk.

Threats are constantly evolving and yesterday's mission impossible is today's 7th grader with an iPhone in terms of capabilities. You'd likely never even notice if cyber criminal was truly a professional.

Apologies for the delayed reply..

I figured you all had Google or were fimiliar with Apple's Product Security department which manages responses to CVE (Common Vunerabilities and Exposures) reports via countless security updates for every device ever as documented here: Apple security updates - Apple Support

1,274 formal CVE IDs issued in total for iOS:

https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Appl e-Iphone-Os.html

http://fortune.com/2016/03/16/malware-infect-apple-iphone-ipad/

Researchers from the cybersecurity firm Palo Alto Networks (PANW, +0.60%)said on Wednesday that they discovered new malware that can infect Apple iOS devices even if they aren’t jailbroken.

http://webcache.googleusercontent.com/search?q=cache:_av_CiE9g6MJ:9to5mac.com/20 17/03/07/cia-ios-malware-wikileaks/+&cd=…

The BBC has reported that some of the iOS malware allows ‘the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.’

http://appleinsider.com/articles/17/08/17/encryption-key-for-iphone-5s-touch-id- exposed-opens-door-to-further-research

Just prior to a hacker's conference, a participant has revealed that the iPhone 5s Secure Enclave has been hacked, and the decryption key for it has been revealed. --(secure enclave aka Touch ID)

http://www.businessinsider.com/hackers-governments-smartphone-iphone-camera-wiki leaks-2017-3

Kevin Mitnick, notorious hacker and author of the book "The Art of Invisibility," explains two easy ways that someone might hack into your phone.

Below I've posted the official documentation for just one vunerability which was issued its vunerability ID by Apple itself, and was confirmed by MITRE Corp. and the US Dept of Homeland Security. The researchers findings are there, confirmation and its CVE ID, and then further recoginiton from Apple about this exploit.

It says that a remote hacker can bypass security features and is able to execute commands at the kernel level.

Its confirmed to do the very thing you just wrongly declared was nonsense..so uh yeah keep telling me how I'm so clueless and you all are infallable wizards of the internets.

http://www.securitytracker.com/id/1038950

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7022

About the security content of iOS 10.3.3 - Apple Support

Yeah there have been almost 1300 CVE IDs issued for iOS alone...Go read all of them and then maybe any of you could have something half accurate to contribute. So either your heads are in the sand or you have some other motivation for denying reality.

But hey look on the bright side...you can just ignore me and continue to tell people seeking help to download malware from the internet. That's not illegal or anything.

Or save yourself 20 minutes of reading about ancient history and have a look here:

Apple security updates - Apple Support

https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Appl e-Iphone-Os.html

http://fortune.com/2016/03/16/malware-infect-apple-iphone-ipad/

http://appleinsider.com/articles/17/08/17/encryption-key-for-iphone-5s-touch-id- exposed-opens-door-to-further-research

http://www.businessinsider.com/hackers-governments-smartphone-iphone-camera-wiki leaks-2017-3

https://www.kb.cert.org/vuls/id/240311https://www.kb.cert.org/vuls/id/240311

https://www.us-cert.gov/ncas/current-activity/2017/09/12/BlueBorne-Bluetooth-Vul nerabilities

http://www.securitytracker.com/id/1038950

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7022

About the security content of iOS 10.3.3 - Apple Support

I love Apple products as much as the next bougie basic but its time to face the Despacito, as unpleasant as that may be.

chase_daniel wrote:

Yes. The camera on an iPhone is attached to the internet through wifi, cellular, near field connect, bluetooth and has been exploited through any number of protocols.

Please provide reliable citations for these assertions.

No the camera on its own is not connected to anything. Nor can it be hacked.

Unless you can provide some factual evidence that the camera on an iPhone can be hacked, this is merely fear mongering of the worst kind. Please stop.

Neither the iPhone, nor its camera has any known vulnerability that would allow it to be remotely hacked and used.

If you read the document you linked to, you'll see how remotely hacking the camera on an iPhone is virtually impossible.

Kindly cite exactly what you're referring to. It's not fear mongering..it's reality. Not always a pretty place to live in but denying the facts is not the best practice. Reviewed your IO Registry lately..lol?

Only one of those articles was relevant to your assertion that iPhone cameras can be remotely hacked, the BBC article. And, it remains unsubstantiated rumor. Thomas can correct me but I believe that actual security experts don't believe it.

IdrisSeabright wrote:

Only one of those articles was relevant, the BBC article. And, it remains unsubstantiated rumor. Thomas can correct me but I believe that actual security experts don't believe it.

I would not go so far as to say that the iPhone's camera can't be hacked. I try not to speak in absolutes these days.

However, if it is possible to get access to the camera silently, without the usual request that the user must approve to allow an app to access the camera, it is not currently known. If this is possible, it would involve a vulnerability in iOS, and iOS vulnerabilities have a historical precedent of being worth a lot of money... like, as in a million US dollars or more.

You're not going to find run-of-the-mill malware using that kind of thing. If you're a malware author, are you going to write some janky software using an iOS vulnerability and maybe make a little bit of money, or are you going to sell it on the black or gray market for 6 figures or more?

The average user will never see this kind of threat on iOS. On the other hand, if you have the interest of a powerful and wealthy organization - like, say, the CIA - then it's possible. Of course, in this case, you're pretty thoroughly hosed, since such an organization could bug your house, your car, your office, tap your phones, monitor your location via cell networks, etc, and generally have their fingers in every part of your life. What's a little phone infection in the face of that?

chase_daniel wrote:

Those articles don't talk about the FBI paying for the San Bernardino shooter's passcode like you're assuming without reading them it seems.

Huh? I never said anything about the FBI and the older iPhone with an older version of iOS. Which, since you brought it up, was done remotely.

I also never said the iPhone can't be hacked. I said that at this time, the camera on your iPhone is not being activated remotely. Again, nothing you've cited has indicated that's currently possible.

I'd say they're all relevant but then again I try to set aside my bias and actually gather information that may challenge preconceived notions.

When you manage to set aside your preconceived notions and biases, please post back.

Please read Thomas's post above.

LOL!! You must have a time machine or something because everything he said was true but not anymore.

Do any of you have any credentials to make such statements? Some diplomas or a successful career in the cyber security industry? Do you keep up with the latest threats?

I've always tried to cite my sources and have yet to see anyone here to the same. There's a lot of "I think" and "maybe."

The conclusion to the speculations above is that if the government wants to, they can. Everyone gets that...

This pretty much concedes to my argument though without even realizing because what I've been saying (and what those articles were talking about) is that there have been multiple major leaks of iOS and Apple specific malware so now anybody with a basement and a laptop and no friends can watch you on your webcam, track your location and all those lovely things, no Q Division required.

Thousands of pages of documents and reports on the were published by major news outlets earlier this year. That only in a James Bond movie attitude is just not true anymore. To that point, go watch Goldeneye and then tell me how much better every single piece of futuretech back then is now.

Oh and here's the US-CERT warning everyone that there's a massive unpatched iOS specific Bluetooth exploit out right now that's put millions of devices open to remote execution of commands (they're probably just playing Angry Birds so don't worry people they're not stealing your data or invading your privacy..hackers are well known to have extremely high ethics and low intelligence).

09/12/2017 - US Computer Emergency Readiness Team:

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311https://www.kb.cert.org/vuls/id/240311https://www.kb.cert.org/vuls/id/240311 for more information.

https://www.us-cert.gov/ncas/current-activity/2017/09/12/BlueBorne-Bluetooth-Vul nerabilities

No patch is available as of yet and can anyone remind me how many months went by between when the previous massive vunerability was formally documented and when the it finally got patched?

Was it 5 months or 6 months?

The Blueborne exploit was blocked in iOS in March. No current version of iOS 10.3 or later is vulnerable. Which makes the rest of your rant irrelevant. It shows that you didn't do any real research, or you would have known that.

And yes, I have pursued a career in cybersecurity as part of my management of over 50 enterprise level development and upgrade projects for Fortune 500 companies. My experience in cybersecurity goes back to the first worm ever, created by Robert Morris at Cornell in 1988. However, I was a consultant on the development of Arpanet (which, as I am sure you know, was the base from which the Internet was developed), addressing how to keep it secure among other capabilities. I do follow the latest threats. Perhaps you should also.

Lawrence Finch wrote:

My experience in cybersecurity goes back to the first worm ever, created by Robert Morris at Cornell in 1988.

Do you believe it was, as he has stated on at least some occasions, a student prank gone horribly awry?