Apple gave Uber 'iPhone backdoor' allowing covert screens & data access

Apple gave Uber access to a powerful tool that allows the ride-hailing giant to record everything on your iPhone's screen even if the Uber app is only running in the background, security researchers discovered.

That screen recording feature is said to be off limits to most app developers and is granted through something known as an "entitlement". Nearly every iPhone app uses entitlements, which allow software to enable features such as Apple Pay or the camera on iPhones and iPads. This particular entitlement isn't common and would require Apple's explicit permission to use, the researchers explained.
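An app's signed entitlements can be dumped as a property list and reviewed for private ones. The following Python code is an added example, not from the researchers, Apple or Uber; it assumes private entitlement keys start with `com.apple.private.`, and the sample plist, its bundle identifier and its private key names are constructed for illustration.

```python
import plistlib

# Assumption: Apple-private entitlement keys use this prefix.
PRIVATE_PREFIX = "com.apple.private."

# Constructed sample of an entitlements plist extracted from an app's code
# signature. The two "com.apple.private.example-*" keys are hypothetical.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID0000.com.example.rides</string>
    <key>com.apple.developer.in-app-payments</key>
    <array><string>merchant.com.example.rides</string></array>
    <key>com.apple.private.example-screen-capture</key>
    <true/>
    <key>com.apple.private.example-disabled</key>
    <false/>
</dict>
</plist>"""


def audit_entitlements(plist_bytes):
    """Return (key, active) pairs for every private entitlement found.

    A key set to boolean false is reported as inactive: it is declared
    in the signature but not switched on.
    """
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    findings = []
    for key, value in sorted(entitlements.items()):
        if key.startswith(PRIVATE_PREFIX):
            findings.append((key, value is not False))
    return findings


if __name__ == "__main__":
    for key, active in audit_entitlements(SAMPLE):
        state = "ACTIVE" if active else "declared, disabled"
        print(f"private entitlement: {key} ({state})")
```

Public entitlements such as the Apple Pay key in the sample are not reported; only keys under the private prefix are flagged for review.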

Uber says updates to the Apple Watch and its app mean the entitlement is non-functional and there's no existing feature still using it.

"It was used for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone & then send the rendering to the Watch app", an Uber spokesperson told Gizmodo, saying that early Apple Watches couldn't handle this process alone. "The memory limitation of Apple Watch was fixed by subsequent updates in the OS and we've issued an update to our app to remove the API completely".

"It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature", Strafach said.

"Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen".

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production", a spokesperson told ZDNet.

"I find this very frightening and unsafe", said Apple security expert Luca Todesco, a sentiment shared by other experts in the field.

Cab company Uber has the power to secretly record iPhone users' screens, according to new research. "It can potentially steal passwords etc". Apple didn't comment. It wasn't immediately clear how Apple failed to see the potential abuse of the API, or how often the company treats certain third-party apps differently for its own advantage.

It's not the first time Uber has made headlines for alleged surveillance infringements. It was investigated by the Federal Bureau of Investigation for using software that reportedly tracked drivers who worked for both Uber and its competitor Lyft.

"Millions of users use the application on Apple's iOS and this access could be exploited gravely if in wrong hands".

As Gizmodo points out, the permission theoretically gives Uber the ability to snatch passwords, usernames, credit card numbers, or any other personal information someone puts into their iOS device.
