Uber iPhone App Could Spy on Users Through Exception Granted by Apple: Researchers

The iPhone app for ride-sharing company Uber has been allowed by Apple to access and record users screens, opening a door that would allow it to effectively spy on users.

Uber has said the functionality had a benign purpose and is no longer in use.

The functionality, Uber said, was granted by Apple to allow the app to take a snapshot of a map on the iPhone and send it to the Uber Apple Watch app because the watch, when first released, had trouble processing maps on its own, Gizmodo reported.

The functionality, however, could also be used to capture the user’s screen at any time, even when the app runs in the background.

“Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen. So they can potentially draw or record the screen,” Luca Todesco, a researcher and iPhone jailbreaker, told Gizmodo. “It can potentially steal passwords etc.”

Such functionalities, normally not available to app developers, are called entitlements.

This one, however, seems special.

The code responsible for this functionality was discovered by security researcher Will Strafach, CEO of Sudo Security Group. He said he wasn’t able to find the same functionality granted by Apple to any other app.

Gizmodo’s Kate Conger speculated that Apple may have granted the entitlement to Uber because it wanted to show that the Apple Watch had a functioning Uber app at its release. Apple only gave developers about four months to create apps before the Apple Watch started to ship in 2015, and Uber may have been hard-pressed to have the app ready before the launch.

At the March 2015 keynote about the watch, Kevin Lynch, Apple’s vice president of technology, showcased the Uber app, including its ability to show the driver’s location on a map.

Uber stated the entitlement was only used in the 8.2 version of the Uber app and remains dormant in the newer versions since the newer versions of the Apple Watch can process the maps on their own.

Melanie Ensign, Uber spokesperson for security and privacy, told Strafach in a tweet that the entitlement is being removed from the app.

Uber has faced scrutiny over its cybersecurity practices before. It was investigated by the FBI for using a software that reportedly tracked drivers who worked for both Uber and its competitor Lyft.

From The Epoch Times

 
 
 
 
 

Stock Market Added $5.2 Trillion in Value Since Trump’s Election

Stock Market Added $5.2 Trillion in Value Since Trump’s Election
Positive economic indicators coupled with the pro-growth policies of President Donald Trump have fueled business sentiment and investor ...
READ MORE >
 
US

Trump Slams NFL for Not Making Players Stand for Anthem

Trump Slams NFL for Not Making Players Stand for Anthem
U.S. President Donald Trump criticized the National Football League on Wednesday for not forcing players to stand for ...
READ MORE >
 

Russia Increasing Pressure on North Korea

Russia Increasing Pressure on North Korea
North Korea is finding itself increasingly isolated as Russia and China have joined the United States in imposing ...
READ MORE >
 

With Loss of Raqqa, the ISIS ‘Caliphate’ is Ending

With Loss of Raqqa, the ISIS ‘Caliphate’ is Ending
The ISIS terrorist group is losing one of the last strongholds of its proclaimed "caliphate," as coalition forces ...
READ MORE >
 

Fashion Illustration Series #1: Song Joong Ki

Fashion Illustration Series #1: Song Joong Ki
“Hallyu Stars meets Fashion Illustration Series” - Hallyu World X Metropolitan Miss Collab! -    This time as ...
READ MORE >