<i>Our attack requires neither specific vulnerabilities nor privacy-sensitive permissions</i><p>Access to the camera is not a "privacy-sensitive" permission...? That's news to me.<p><i>Since the delay to get a camera preview frame is only the initialization time (500-1000 ms), the camera is very likely still pointing at the same object, thus obtaining a similar image.</i><p>Maybe it depends on how people use cameras, but I find that I often start moving the camera away from the subject too soon after hitting the shutter button, resulting in an unrecognisably blurred image. Holding it still for >500ms after that would be a very rare thing for me to do.
I'm pretty sure Wired completely botched this article. It says that the hack works "across Android, iOS and Windows devices" by monitoring "a newly exposed public side channel, which details the shared memory statistics of other processes."<p>That just isn't possible on iOS unless your phone is jailbroken. Sure enough, the source article is only about android. This kind of "journalism" is so frustrating.
Not the submitter's fault, but the title is really misleading -- contrast with the first paragraph:<p>"Computer scientists have discovered a method of hacking smartphone apps across Android, iOS and Windows devices that is effective up to 92 percent of the time on six of seven popular apps, including Gmail."