Published: Sat, October 07, 2017
Science | By Cecil Little

Uber app can silently record iPhone screens, researcher finds

Uber app can silently record iPhone screens, researcher finds

The one Uber was using, for example, could be used to record a user's screen, Thomas Jansen, founder of security research company Crissy Field said.

Apps for the iPhone and iPad use entitlements to enable functions like the camera and Apple Pay.

Now, we're not saying it has or it will, but it can, as part of a drive (arf) to extend the functionality between the iPhone and Apple Watch which has seen the Uber app given extensive permissions to do things that you won't be expecting, even while other apps are in the foreground. The company, however, rejected the security breach fears, stating the code was installed to improve the experience on Apple Watch version of the app.

F1 Title Rivals Should Be Wary Of Red Bull
But Toto Wolff had little time for sympathy for his counterpart, cutting a dejected figure after the checkered flag on Sunday. According to oddsmakers at Bovada.lv, Lewis Hamilton is the clear favorite to win this race, as he has -200 odds.


Newer versions of the app have had this power voluntarily removed, with Uber explaining: "Apple gave us this permission years because Apple Watch couldn't handle our maps rendering. The memory limitation of Apple Watch was fixed by subsequent updates in the OS and we've issued an update to our app to remove the API completely".

According to Apple expert Luca Tudesco, it's the equivalent of giving an app keylogging abilities - meaning it can be used to steal sensitive information like log-ins and passwords - and it's unclear why Apple would grant such special privileges to the ride-sharing app, given its already poor record with regard to privacy.

The tool could be used by Uber or a malicious hacker with access to the company's network to spy on the iPhone user, according to researchers.

Syria fight back against Australia to keep World Cup dream alive
Even after Soma tucked away the penalty, Syria had another chance but Ryan brilliantly tipped Omar Khribin's effort over the bar. They had to survive some scares along the way as the Socceroos twice hit the post for the visitors.


"Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen", Todesco told Gizmodo. "I guess there is some kind of extremely special relationship there, considering Apple granted them exclusive access to a privileged IOKit API a little while after they were abusing other unrelated IOKit APIs in violation of the App Store rules (with no repercussions at all)".

Uber told Business Insider the code was not now being used and was essentially a vestige from an earlier version of its Apple Watch app, but it set off alarm bells among experts. He even threatened to remove the app from the Apple App Store altogether.

It's not the first time Uber has made headlines for alleged surveillance infringements. And just last month, the FBI started investigating Uber for the "Hell" program it used to track Lyft drivers.

Pro-independence Catalans defy King Felipe VI's warning
If negotiations are still to come, however, it is not clear who will mediate this political crisis . More than 800 people were injured in the police crackdown on the Catalan referendum on October 1.


The big mystery here is why Apple would give Uber such unprecedented access. For example, the so-called Hell program of Uber allegedly allowed the company to monitor the activities of the drivers of rival Lyft, so some may think that the hidden feature could have also allowed Uber to keep track of customers' usage of the Lyft app.

Like this: