Facebook Bug Secretly Switches iPhone Camera On Without User’s Consent

The problem was first brought to light on November 10, when a Twitter user named Joshua Maddox posted a screen recording of the Facebook app on his iPhone. He noticed that as he scrolled through his social media feed, his camera would appear behind the app, essentially meaning that the app could be spying on its users in real-time.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl

— Joshua Maddux (@JoshuaMaddux) November 10, 2019

Buggy iOS Version

Responses to the tweet (as well as reactions to the news from other quarters) have varied, from those who believe that the feature could be slightly concerning to those who have assumed the worst and thrown Facebook under the bus once more. Given the company’s extensive history of data breaches and vulnerabilities.

Today, while watching a video on @facebook, I rotated to landscape and could see the Facebook/Instagram Story UI for a split second. When rotating back to portrait, the Story camera/UI opened entirely. A little worrying… pic.twitter.com/7lVHHGedGf

— Neo QA (@neo_qa) November 2, 2019

However, it has now been identified as the actions of a bug that affects iPhone users. Providing further clarity on his findings, Maddox claimed that he had discovered some issues on separate devices running on the iOS 13.2.2. According to him, this issue doesn’t affect iPhone devices running on the older operating system. Basically, only those who have upgraded their OS versions to the latest iOS 13 offering and have granted the app access to their microphones and cameras are vulnerable. It is widely believed that the bug is related to the “story” feature on Facebook and Instagram apps, which automatically opens the microphone and camera for users to take pictures and videos. A simple workaround for the bug has been identified as well; just go to the iOS settings and revoke the microphone and camera access that the Facebook app has.

Facebook Can’t Escape Data Issues

The vulnerability is the latest in a long line of gaffe that Facebook has committed over the past two years; gaffes which have consistently threatened the company’s standing among investors and users alike.

Facebook’s Latest #Privacy Mishap:

Social media company today revealed that a bug in its system unknowingly allowed 100 app developers to ‘improperly access’ data on members in certain Facebook groups.

Read more: https://t.co/bITr6uW1ob#infosec | #cybersecurity@Swati_THN pic.twitter.com/tPhGtNlebG

— The Hacker News (@TheHackersNews) November 6, 2019

Just last week, the company announced in a blog post that even after it had shut down its Groups system last year, some app developers still gained unsanctioned access to information about several members. Per the post, about 100 developers might have accessed user information since the rules were changed in April 2018, and at least 11 of those developers used member data in the past two months. Ideally, administrators on Facebook groups can use third party tools to manage their forums, thus giving these apps more information about the activities of the group. However, since the changes were made, developers were unable to see members’ names, profile pictures, and other unspecified profile data. The Groups Application Program Interface was locked down as part of a general crackdown that was instituted in the wake of the Cambridge Analytica scandal. It added rules which required developers to get approval before using the API, before the system was relaunched with new features in July 2019. What do you think about Facebook’s data issues? Let us know your thoughts in the comments below.

---

Images are courtesy of Twitter, Shutterstock, Pixabay.