Apple let Uber secretly record iPhone screens

Cesar Mills
October 7, 2017

Kevin Lynch, Apple's VP of technology, demoed Uber's Watch app onstage, showing how a rider could request a car and track its progress on a map, just as the app would work on the iPhone.

Will Strafach, a New York-based security researcher, discovered that the taxi-hailing app had received a special permission from Apple to access the screen-recording feature.

"Subsequent updates to Apple Watch and our app removed this dependency, so we're removing the API completely", said the spokesperson.

Security researcher Will Strafach said this is the only entitlement Apple has granted that can enable an app to record what's happening on a display. If a state-sponsored hacker gains access to this feature, it could give a spying agency, whether governmental or private, complete access to the target's daily activities, including precise location, complete conversations on even the most encrypted channels and all secure passwords that the target is using.

Despite the likes of Greyball and other rather dubiously purposed apps, such as "Hell", created to track Uber drivers moonlighting for rivals, there's no suggestion that Uber is using this technology for nefarious purposes.

The entitlement isn't commonly granted, and Uber would have had to get direct permission from Apple in order to implement it.

For now, there is no concrete evidence that Uber actually took advantage of this access.

In the meantime, if users of the Uber app on iOS remain concerned about their privacy until the update is made available, the best course of action would be to uninstall the app from their devices.

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production". Apple only gave developers about four months to create apps before the Apple Watch started to ship in 2015, and Uber may have been hard pressed to have the app ready before the launch. On the other hand, all a cybercriminal has to do is gain such access into Uber's network, and agencies all around the globe will be ready to pay big sums in the underground market for such deepened access to mass user data. A security expert told ZDNet that having access to the aforementioned entitlement is "the equivalent of giving keylogging ability to apps".

This entitlement could conceivably have been exploited by hackers, who would then be able to record an iPhone user's screen.

What makes the new revelation more serious is Uber's poor record on maintaining user privacy.

Now, do we blame Apple for not taking the permission away?

In fact, Apple CEO Tim Cook reportedly called former Uber CEO Travis Kalanick to his office a few years ago and asked him to put an end to a shady practice called fingerprinting.
