undefined | Better HN

0 pointsstevekemp6y ago0 comments

As you say applications have to request permissions to access the mic/camera, here's a good writeup of how that was broken recently:

https://www.ryanpickren.com/webcam-hacking

0 comments

2 comments · 1 top-level

microtonal6y ago· 1 in thread

That was not broken. What was broken was origin validation in Safari. There is a difference between a vulnerability in the OS permissions system (which this was not) to control mic/camera permissions and a vulnerability in an application that has already has OS camera permissions.

If you do not give an application permission to access the camera, then vulnerabilities in those applications do not lead to camera access.

(Unfortunately though, Safari is not controlled through this permission system, probably because it was provided through the OS. Permissions can be controlled for other browsers. IMO this should be fixed by Apple.)

stevekempOP6y ago

I understand the extent of the security problem there, and as you say it was Safari-specific. But it goes to show that there might be consequences beyond the obvious when you do grant an application access to the camera/mic.

j / k navigate · click thread line to collapse