Researcher: Uber could record your iPhone screen without your knowledge


Will Strafach, a security researcher, discovered this week that Uber had been granted an undocumented private app permission allowing access to the screen-recording feature.

According to ZDNet, the hidden feature will allow Uber to "tap into features" of an iPhone or iPad that usually require special permission from Apple, and Uber seems to be the only third-party app with such permissions.

As of Thursday at 4 p.m. in San Francisco, an update to Uber's app was not available in Apple's app store. "It was only ever used to render maps for an early version of our Apple Watch app, but has been dormant for quite some time", an Uber spokesperson said to The Next Web. The goal, however, is not to take screenshots of iPhones, but rather to fix map rendering in older versions of the Apple Watch, which were unable to properly carry out the process.

"This move by Uber and Apple has opened up its users to a massive privacy risk".

Uber is continuing negotiations with TfL after losing its licence to operate in London, after the company found it wanting in many areas, app use included.

Melanie Ensign, Uber spokesperson for security and privacy, told Strafach in a tweet that the entitlement is being removed from the app.

Although the entitlement isn't intended for this, the worry is that Uber - or a hacker who managed to break into Uber's network - could silently monitor activity on an iPhone user's screen, harvesting passwords and other personal information. "So they can potentially draw or record the screen", Luca Todesco, a researcher and iPhone jailbreaker, told Gizmodo. "It can potentially steal passwords etc".

It is the latest controversy to blight Uber, coming as the company's new CEO Dara Khosrowshahi visits London in an attempt to overturn an upcoming city-wide ban on the app.

"I find this very frightening and risky", said Apple security expert Luca Todesco, a sentiment shared by other experts in the field. Apple didn't comment. It wasn't immediately clear how Apple failed to see the potential for abuse of the API, or how often the company treats certain third-party apps differently for its own advantage.

The entitlement first appeared in Uber's app around the time of the original Watch launch in 2015, according to Strafach.

Such a possibility can't be ruled out entirely because in the past Uber has used the programs to track drivers of rival Lyft.
