Uber App Can Secretly Record The Screen of iPhone Users

Anthony Cuthbertson

An undocumented feature in the Uber app could allow the ride-hailing company to record the screen of iPhone users, security researchers have discovered.

Mobile security expert Will Strafach uncovered a special permission granted by Apple that allowed Uber to record the screens of users, even when they weren’t using the app.

Strafach posted the capability—known as an “entitlement”—to Twitter, describing the presence of the screen-recording code as “very unusual.”


The tool could be used by Uber or a malicious hacker with access to the company’s network to spy on the iPhone user, according to researchers.

“Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen,” security researcher Luca Todesco told tech news website Gizmodo. “So they can potentially draw or record the screen. It can potentially steal passwords etc.”

The startup screen of Uber, a car transportation mobile app developed by the American technology company Uber Technologies Inc, pictured on the display of an iPhone 6s Plus, on 31 August 2017 in Hong Kong. Researchers have uncovered security vulnerabilities with the app. studioEAST/Getty Images

The entitlement was granted to Uber in 2015 in order to improve the functionality of the app with the Apple Watch, according to Strafach, who is the chief executive of Sudo Security Group.

“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Strafach said. “Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

Uber says the tool is no longer in use and will be removed from the app in a subsequent update.

“We are working with Apple to remove it completely as soon as possible,” said a spokesperson for Uber.  

Uber found itself the subject of protests when some of its customer base perceived the company as aligning with President Donald Trump. Reuters

It is the latest controversy to blight Uber, coming as the company’s new CEO Dara Khosrowshahi visits London in an attempt to overturn an upcoming city-wide ban on the app.

The decision not to renew Uber’s license was made by Transport for London (TfL), which ruled that the firm is not a “fit and proper” company to hold a license.

The ban could have “profound negative consequences” for Uber, according to Khosrowshahi, and his mission to overturn the ruling will not be helped by revelations of this tool.

“Going forward, it’s critical that we act with integrity in everything we do, and learn how to be a better partner to every city we operate in,” Khosrowshahi wrote in an email to Uber employees when the London ban was first announced.

“That doesn’t mean abandoning our principles—we will vigorously appeal TfL’s decision—but rather building trust through our actions and our behaviour.”

Uber currently operates in more than 600 cities around the world and is valued at around $69 billion.
