Apple Watch vulnerability allows you to spy on your friends’ iPhone

Web application security experts reported the presence of a vulnerability in the Apple Watch that, if exploited, allowed threat actors to spy on users of iPhone devices. The vulnerability was exploitable through Walkie-Talkie, an app installed on Apple Watch; due to this flaw, people could listen to calls on other users’ iPhone.

The Walkie-Talkie app allows two users to send
and receive short audio messages; you need to accept an invitation before
receiving the messages. Apple recently disclosed that a user reported a
vulnerability that allowed other users to listen through other people’s iPhone
without their consent or knowledge; “We have disabled this app, we regret
the inconvenience this may have caused,” the company said, adding that
“very specific conditions and a chain of events” would be needed to
exploit the flaw. 

Web application security experts had reported
to the company a similar flaw in the Apple FaceTime
video calling app earlier this year. In some of the known cases, it was even
claimed that users could activate the microphone of the device receiving the
FaceTime call, regardless of whether the user accepted the call or not. The
company fixed this bug with an update patch shortly after receiving the bug

Recently a new vulnerability was also reported
in Zoom video conferencing software that, if exploited, allowed threat actors
to arbitrarily redirect victims to Zoom sessions, as well as gain access to
webcams without consent of the victim.

Jonathan Leitschuh, the person in charge of
finding and reporting this flaw, mentioned that the vulnerability allowed
hackers to initiate video calls and access the target’s webcam by simply
clicking on a link that could be embedded in any advertisement or website.

Although the company initially did not give too
much importance to the report of the flaw, web application security experts
from the International Institute of Cyber Security (IICS) report that Zoom
finally decided to patch the security flaw; “We appreciate the expert’s
report, as well as the time he spent helping us improve the security of our
service,” a Zoom statement says.

To Top

Pin It on Pinterest

Share This