As reported by Forbes, ethical hacker Ryan Pickren has found seven zero-day vulnerabilities that enabled him to construct a kill chain, using just three of them, to hijack the iPhone camera successfully, or any iOS or macOS camera for that matter.
During December 2019, Pickren opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered. Pickren focused on the camera security model and found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787), of which three could be used in the camera hacking kill chain.
Hijacking the iPhone camera is possibly one of the most socially worrying attacks we could see. When laptop cameras are at risk of compromise, we have been able to use webcam covers, but people rarely put a cover over their phone cameras because they use them so much.
Phishing emails are still at the root of the problem, so people need to remain extra vigilant with such traffic. Losing control of the camera could likely lead to some very embarrassing situations and extortion. Luckily, ethical hackers play a very important role in the fight against cybercriminals.