Facebook fixes issue that activated iPhone's camera without user knowledge

Posted:
in iOS edited November 2019
Facebook on Wednesday updated its iOS app to address a flaw that inadvertently enabled a user's camera without their knowledge, a potential security issue first spotted last week.




As noted by The Verge, Facebook is portraying the now-rectified problem as a bug. The social network reportedly submitted fixes for the issue to Apple on Tuesday.

Discovered last week, the flaw in Facebook's iOS app inadvertently activated an iPhone's rear-facing camera in certain situations. Typically, users found the camera went live while browsing account pages or performing other actions not associated with picture taking or regular image capture.

Joshua Maddux posted evidence of the bug in a tweet on Nov. 9., demonstrating that a live video feed was opened in the Facebook app and hidden behind a photo or other onscreen content. Sliding foreground panels to the side displayed a small portion of the live feed, which appeared to be captured from a rear-facing image sensor.

Maddux was able to replicate the issue on multiple devices running iOS 13.2.2, though previous iOS versions were seemingly unaffected by the bug.

It should be noted that the app was operating within the iOS sandbox, meaning affected users had previously allowed access to camera hardware. Still, unintentional and inconspicuous activation of iPhone's imaging module is viewed as a serious threat to user security, especially when it involves a company widely criticized for numerous privacy snafus.

Facebook has yet to explain the matter publicly.

Comments

  • Reply 1 of 16
    I’m certain it was an “honest” mistake.
    mrmacgeekAnilu_777mattinozchasmajlCarnageairnerdMplsPwatto_cobra
  • Reply 2 of 16
    DAalsethDAalseth Posts: 2,411member
    “Fixes”
    mrmacgeekmattinozchasmwatto_cobra
  • Reply 3 of 16
    I've not used the app, but this was the last straw that pushed me over.
    I deleted my account. Too many privacy violations from one company for me.
    mrmacgeekjahbladeAnilu_777MisterKitajlCarnagewatto_cobra
  • Reply 4 of 16
    So did they FIX the issue (stop creating a live camera feed without letting the user know), or did they just “fix” the issue (do a better job at hiding the secret video feed like in previous iOS versions)?  :s
    jahbladebonobobMisterKitchasmajlairnerdwatto_cobra
  • Reply 5 of 16
    ivanhivanh Posts: 597member
    It’s not about FB, it’s Apple.
    When iOS is incapable of stopping these kind of loophole, how can we be feeling safe using all other apps?
    airnerd
  • Reply 6 of 16
    olsols Posts: 49member
    Well, until the next time
    watto_cobra
  • Reply 7 of 16
    ivanh said:
    It’s not about FB, it’s Apple.
    When iOS is incapable of stopping these kind of loophole, how can we be feeling safe using all other apps?
    It is capable. You had to have granted the Facebook app access to your camera, which is a security function of iOS, for this to have happened at all. Any app can use your camera, but you have to allow it. I never granted Facebook access to my camera, because I don't trust them.

    My only suggestion to Apple would be to add some kind of indicator that either camera is active, like a little dot similar to what you see when your Mac's camera is active. 
    edited November 2019 jahbladeAnilu_777Rayz2016watto_cobra
  • Reply 8 of 16
    Deleted Facebook a year ago and don’t regret it. 
    kestralRayz2016mattinozajlricmacwatto_cobra
  • Reply 9 of 16
    Apple should allow access to be granted as limited. Time limited and/or resource limited, like amount of data transferred, before being locked down.  And allow setup for one time use, requesting access each time.

    Access to photos should be similarly limited. 

    Also, Apple should similarly build in limits to data transfer, especially over cellular network, requiring reauthorization after limits are reached. 
    watto_cobra
  • Reply 10 of 16
    Rayz2016Rayz2016 Posts: 6,957member
    larryjw said:
    Apple should allow access to be granted as limited. Time limited and/or resource limited, like amount of data transferred, before being locked down.  And allow setup for one time use, requesting access each time.

    Access to photos should be similarly limited. 

    Also, Apple should similarly build in limits to data transfer, especially over cellular network, requiring reauthorization after limits are reached. 
    Sorry, no. If you start adding options for every little edge case then folk will just stop looking at the options altogether. 

    Secondly, the amount data transferred has nothing to do with security. Facebook just needs one secret shot of your kitchen to work out what appliances you use. 

    As someone has already suggested, Apple needs to hardwire a light to the camera so you can see when it’s  running. 

    Oh, and Facebook … no one believes this was a bug. 
    charlesgresajlwatto_cobraFileMakerFeller
  • Reply 11 of 16

    Why is Facebook removing features?


    /s

    watto_cobra
  • Reply 12 of 16
    chasmchasm Posts: 2,579member
    "inadvertently" LOL
    watto_cobra
  • Reply 13 of 16
    jcs2305jcs2305 Posts: 1,307member
    Anilu_777 said:
    Deleted Facebook a year ago and don’t regret it. 
    Agreed!  I did the same 6 years ago. 
    watto_cobra
  • Reply 14 of 16
    Rayz2016 said:
    larryjw said:
    Apple should allow access to be granted as limited. Time limited and/or resource limited, like amount of data transferred, before being locked down.  And allow setup for one time use, requesting access each time.

    Access to photos should be similarly limited. 

    Also, Apple should similarly build in limits to data transfer, especially over cellular network, requiring reauthorization after limits are reached. 
    Sorry, no. If you start adding options for every little edge case then folk will just stop looking at the options altogether. 

    Secondly, the amount data transferred has nothing to do with security. Facebook just needs one secret shot of your kitchen to work out what appliances you use. 

    As someone has already suggested, Apple needs to hardwire a light to the camera so you can see when it’s  running. 

    Oh, and Facebook … no one believes this was a bug. 
    The problem the monitoring I suggested is likely the impact on energy use -- a lot more processing in the background. If folks want to ignore options it's up to them. But those of us less lazy and more concerned with maintaining our privacy by limiting apps ability to monitor us, will use these features.

    For example, it is useful for messages and Facebook to have access to the camera and photos but once that is authorized, these apps have carte blanche access anytime they want. So Facebook, just picking them at random, once given access, can download at their convenience, all 14,000 photos I have in my photo library. 

    As an old system admin, and in other lives, having access to sensitive information of various types, and setting up access for others, it is imperative that access to any resources be monitored to prevent abuse, intentional or inadvertent. Access with limitations is meat and potatoes stuff.

    Monitoring amount of data transferred is another aspect. On very practical issue is monitoring cellular use. The iPhone wi-fi and cellular systems don't play well together. With wifi on, the phone will use the wifi; but if the wifi connection out to the WAN is slow or not working or you want a secure connection and you don't or can't use VPN (often the case in hotel rooms and buses), one must shut off wifi to use cellular access to the internet. If you fail to turn wifi back on, the phone will continue to use the cellular network, chewing up your limited cellular data plan. My carrier doesn't inform me of the problem until 75% of data limit has been hit -- that's too late.
  • Reply 15 of 16
    ivanh said:
    It’s not about FB, it’s Apple.
    When iOS is incapable of stopping these kind of loophole, how can we be feeling safe using all other apps?
    It is capable. You had to have granted the Facebook app access to your camera, which is a security function of iOS, for this to have happened at all. Any app can use your camera, but you have to allow it. I never granted Facebook access to my camera, because I don't trust them.

    My only suggestion to Apple would be to add some kind of indicator that either camera is active, like a little dot similar to what you see when your Mac's camera is active. 
    Or could they offer a "this time only" option for the camera?  Rather than always blocking or always allowing, allow me to allow access to my camera until I close the app.  If I were using Facebook I'd choose that if there is a photo I want to share.  Popup asking to always/this time/never grant, I choose "this time" and take my photo and close the app.  Never again would it have access to my camera until I specifically grant it again.
    lorin schultzwatto_cobra
Sign In or Register to comment.