Privacy on footpath: Apple helped Uber iOS app in live screen recording of users

Giving least respect to user’s privacy and security, global smartphone giant Apple iOS allowed Uber to record screen of the users who have installed Uber App on their smartphone, said security researchers

Must Read

Sumit Deb begins new journey as CMD of NMDC

Senior leader Sumit Deb has assumed charge as Chairman-cum-Managing Director of . He succeeds N. Baijendra Kumar.

Spearheading transformation towards sustainable future in times of Covid-19

Bringing the governments, businesses, academia, and communities together to spearhead the transformational and systematic effort towards a sustainable future is needed

Tata Communications gets local telecom license in Saudi Arabia

Under Type B telecom license, Tata Communications will be able to provide Internet Service Provider and related telecom services to enterprises in a defined capacity, along with local currency billing for end-customers

Giving least respect to user’s and security, global smartphone giant platform allowed to record screen of the users who have installed App on their smartphone, even when they were not accessing the app. According to security researchers, Uber’s iOS application has the permission to record users’ screens, and anything on it including passwords, messages or any other critical information. Though, the researchers suggest that this is to make the Uber app work more efficiently and smoothly with Apple Watch.

Apple iOS allowed Uber to run a powerful tool called – entitlement which is a snippet of code that can be used to perform various activities like setting up push notification, enable in-app payments, or interact with Apple’s iCloud other than recording the entire screen of users even when the app is running in the background. Researchers claim that they found no other third party apps other than Uber that had this kind of “private sensitive entitlement”.

Although the entitlement isn’t intended for any malicious purpose, researchers worry that an unethical hacker who manages to break into Uber network might also get access to these sensitive permissions. This could lead to breach into a user’s critical data as it would aid a hacker in getting access to users’ passwords, bank account details, private messages and much more.

After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. According to an Uber spokesperson, Uber required this permission for an older version of Apple Watch to run a heavy lifting of rendering maps on user’s smartphone and then send it to the Apple Watch application. Further, they said that the permission was not used for anything else apart from rendering maps.

“This move by Uber and Apple has opened up its users to a massive privacy risk. Even if Uber doesn’t have any ulterior motive and the special ‘entitlement’ is only for rendering the maps, malicious hackers if gain access to the internal controls in Uber could spy on users at mass,” said Ankush Johar, Director of HumanFirewall.io, a human information security awareness and preparedness firm.

“Millions of users use the application on Apple’s iOS and this access could be exploited gravely if in wrong hands. If a state-sponsored hacker gains access to this feature, it could give a spying agency whether governmental or private, complete access to the targets daily activities including precise location, complete conversations on even the most encrypted channels and all secure passwords that the target is using. It is like a dream-come-true for any spying agency and, to get it, all they got to do is gain access into Uber’s internal controllers and get hold of the databases where this data is being stored or catch it live in action. On the other hand, all a cybercriminal has to do is to gain such access into Uber’s network and agencies, all around the globe will be ready to pay big sums in the underground market for such deepened access to mass user data. It’s unknown if a hacker or a group has been able to compromise Uber to such a level but if they have, all Uber users on iOS are at extreme risk,” he added.

Subscribe to receive the day's headlines from Tech Observer straight in your inbox

Leave a Reply

*The moderation of comments is automated and not cleared manually by techobserver.in. Embedding of any link and use of abusive or unparliamentary language are prohibited.
- Advertisement -

Latest in TECH

Tata Communications gets local telecom license in Saudi Arabia

Under Type B telecom license, Tata Communications will be able to provide Internet Service Provider and related telecom services to enterprises in a defined capacity, along with local currency billing for end-customers
- Advertisement -SAP Hana

Related Articles