Software engineer may have discovered serious macOS privacy concern

By Naomi Gleit On Oct 5, 2022

Engineer Matt Hodges posted a Twitter thread about an issue he found on macOS. According to him, not only does the Mac operating system actively scan images in the background, but when these images are QR Codes that point to an URL, macOS is decoding them, and requesting the URL. As a company that talks about “privacy as a fundamental right,” this raises the question of whether this is “just a bug” or intended by Apple.

According to Hodges, he was “playing with Canary Tokens,” which lets you create a digital artifact such as a file, URL, or QR Code, and if someone interacts with it, you get an alert, and discovered this macOS issue. He explains how he discovered this:

When you make a QR code canary token, the service points the code to some placeholder website, and when that website is fetched, they send you an email with details like IP address and User Agent that scanned the code. Here’s one that emails [email protected] when scanned.

He decided it had no use for him and just “let it sit in my Downloads Folder.” Then, he got “a flurry of emails saying it had been triggered.” With that, he discovered that what was triggering the QR Code was his own IP, and the User Agent was from an AppleKit tool from macOS. He writes:

So macOS is background scanning all the images on my computer. I’m not totally shocked — they do all that face tagging and magic cat-breed identification now. But they’re also 1) decoding QRs & 2) requesting random URLs! That seems like both a privacy and a security problem.

While Apple scanning images in the background is not a big deal since it uses that to detect objects and classify them within the Photos app – Apple says this part is end-to-end encrypted –, it’s not usual for the company to read, decode, and check the QR Code content without user’s consent.

Fortunately, according to another Twitter user, this issue is only Mac-related and does not affect the iPhone.

BGR reached out to Apple and asked for a comment on if this is a known issue and if macOS should behave this way. We’ll update the story once we hear from the company.

Well this is something … I think I just discovered that macOS is background scanning images on my computer and, when those images are QR codes that point to URLs, it’s decoding the codes and requesting the URL… 1/

— Matt Hodges (@hodgesmr) October 5, 2022

More Apple news: This new iOS 16 feature is so useful, but no one knows about it

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.