Facebook fixes issue that activated iPhone's camera without user knowledge
Facebook on Wednesday updated its iOS app to address a flaw that inadvertently enabled a user's camera without their knowledge, a potential security issue first spotted last week.
As noted by The Verge, Facebook is portraying the now-rectified problem as a bug. The social network reportedly submitted fixes for the issue to Apple on Tuesday.
Discovered last week, the flaw in Facebook's iOS app inadvertently activated an iPhone's rear-facing camera in certain situations. Typically, users found the camera went live while browsing account pages or performing other actions not associated with picture taking or regular image capture.
Joshua Maddux posted evidence of the bug in a tweet on Nov. 9., demonstrating that a live video feed was opened in the Facebook app and hidden behind a photo or other onscreen content. Sliding foreground panels to the side displayed a small portion of the live feed, which appeared to be captured from a rear-facing image sensor.
Maddux was able to replicate the issue on multiple devices running iOS 13.2.2, though previous iOS versions were seemingly unaffected by the bug.
It should be noted that the app was operating within the iOS sandbox, meaning affected users had previously allowed access to camera hardware. Still, unintentional and inconspicuous activation of iPhone's imaging module is viewed as a serious threat to user security, especially when it involves a company widely criticized for numerous privacy snafus.
Facebook has yet to explain the matter publicly.
As noted by The Verge, Facebook is portraying the now-rectified problem as a bug. The social network reportedly submitted fixes for the issue to Apple on Tuesday.
Discovered last week, the flaw in Facebook's iOS app inadvertently activated an iPhone's rear-facing camera in certain situations. Typically, users found the camera went live while browsing account pages or performing other actions not associated with picture taking or regular image capture.
Joshua Maddux posted evidence of the bug in a tweet on Nov. 9., demonstrating that a live video feed was opened in the Facebook app and hidden behind a photo or other onscreen content. Sliding foreground panels to the side displayed a small portion of the live feed, which appeared to be captured from a rear-facing image sensor.
Maddux was able to replicate the issue on multiple devices running iOS 13.2.2, though previous iOS versions were seemingly unaffected by the bug.
It should be noted that the app was operating within the iOS sandbox, meaning affected users had previously allowed access to camera hardware. Still, unintentional and inconspicuous activation of iPhone's imaging module is viewed as a serious threat to user security, especially when it involves a company widely criticized for numerous privacy snafus.
Facebook has yet to explain the matter publicly.
Comments
I deleted my account. Too many privacy violations from one company for me.
When iOS is incapable of stopping these kind of loophole, how can we be feeling safe using all other apps?
My only suggestion to Apple would be to add some kind of indicator that either camera is active, like a little dot similar to what you see when your Mac's camera is active.
Why is Facebook removing features?
/s
For example, it is useful for messages and Facebook to have access to the camera and photos but once that is authorized, these apps have carte blanche access anytime they want. So Facebook, just picking them at random, once given access, can download at their convenience, all 14,000 photos I have in my photo library.
As an old system admin, and in other lives, having access to sensitive information of various types, and setting up access for others, it is imperative that access to any resources be monitored to prevent abuse, intentional or inadvertent. Access with limitations is meat and potatoes stuff.
Monitoring amount of data transferred is another aspect. On very practical issue is monitoring cellular use. The iPhone wi-fi and cellular systems don't play well together. With wifi on, the phone will use the wifi; but if the wifi connection out to the WAN is slow or not working or you want a secure connection and you don't or can't use VPN (often the case in hotel rooms and buses), one must shut off wifi to use cellular access to the internet. If you fail to turn wifi back on, the phone will continue to use the cellular network, chewing up your limited cellular data plan. My carrier doesn't inform me of the problem until 75% of data limit has been hit -- that's too late.