Smartphones from Apple were not as well protected as a thought — experts on cyber security found at least ten ways by which you can hack the iPhone, even without touching it. It is reported that currently some vulnerabilities still not patched, and thus can be used by hackers.
Despite the fact that the iPhone is one of the safest smartphones on the market, absolute protection against burglary does not yet exist. Last year, security researcher Ian beer, working in project Zero, announced on 30 different vulnerabilities in the operating system iOS. Project Zero is a special division of Google dedicated to finding gaps in the defense as “Corporation of good” and its competitors.
This year, two experts from Project Zero, Natalie Silvanovich and Samuel Gros has published another study on the vulnerabilities in the iPhone, which potentially can be exploited by hackers. The results were first presented at the conference Black Hat in Las Vegas.
“There were many rumours about vulnerabilities which require no user interaction to mount an attack on the iPhone, but practically there was no information about the technical aspects of this attack on modern gadgets,” — said in the presentation of researchers.
Vulnerability reported by Silvanovich and Gros, touch messaging, voice mail and email, but the greatest number of complaints accounted for the iMessage service.
For example, one of the vulnerabilities allows a hacker to send a pre-prepared message that tricked the server iMessage to send to the attacker contents of the correspondence of the chosen victim.
When the user has no chance to know that he was the victim of a hacker attack. In addition, he doesn’t even need to open iMessage to the breaking load. Many other vulnerabilities found by Project Zero, also does not require the attacker’s physical interaction with the device to steal user data.
Security researchers claim that six of the reported vulnerabilities were patched successfully, but some others still pose a threat to user privacy.
“Overall, we found a significant number of serious vulnerabilities, remote in character,” said the Silvanovich.
As explained “Газете.Ru” senior engineer-programmer Avast Vojtech Barrels, the above problems are mainly related to the serialization and deserialization of data iMessage.
“Serialization is the process of converting data in the memory device into a format that can be safely sent over the network or save. Deserialization converts the data back to its original condition in memory. It is quite a complex process, especially in the case of iMessage, which supports many features and is therefore particularly affected by the vulnerabilities,” — said Barrels.
Such errors can be used to manually change the serialized representation of the data, which then will cause an error during deserialization.
“Error deserializing discovered by Project Zero, for example, use after cleansing or buffer overflow. They can be used to pass custom data back to the hacker. Unfortunately, some mistakes have an impact on the iMessage servers, and not just on the app on the iPhone, so these can be skipped without receiving the user messages on your phone,” — said the source “Газеты.Ru”.
The ecosystem of Apple devices really is considered one of the most secure, but even she is not immune from hackers looking to exploit vulnerabilities. So, in July of this year, the media reported the bug in the “smart” clock Apple Watch, you can listen to an iPhone user without his consent. Error was found in the application “Radio”. Apple acknowledged the bug and apologized for the inconvenience.
In January had another wiretapping scandal — this time it was about the popular FaceTime app, by which owners of iPhones can communicate with each other.
Found vulnerability allow eavesdropping of the interlocutor before he takes the call.
The person on the other side the wires were not even aware that he was being bugged. Apple has acknowledged the vulnerability and has released a special patch that protects the privacy of users.
At the end of last year, pre-new patch for iOS gave the iPhone a very nice gift — after you upgrade a smartphone from Apple stopped calling and surf the Internet. The problem was the iOS version 12.1.2, which was supposed to be a small update that fixes minor flaws. However, the patch that fixes the problem, iPhones and some users have turned to high-tech “bricks.”
Read more •••