Breaking News


Header Ads Widget

Hands-free: experts hacked iPhone in ten different ways

Apple’s smartphones weren’t as well-protected as many thought - cybersecurity experts have discovered at least ten ways Hands-free: experts hacked iPhone in ten different ways

Hands-free: experts hacked iPhone in ten different ways

Apple’s smartphones weren’t as well-protected as many thought - cybersecurity experts have discovered at least ten ways you can crack an iPhone without even touching it. It is reported that at the moment, some vulnerabilities are still not patched, which means that they can be exploited by cybercriminals.

Despite the fact that the iPhone is considered one of the safest smartphones on the market, absolute protection against hacking does not yet exist. Last year, IB researcher Ian Beer, working on the Project Zero project, reported 30 different vulnerabilities in the iOS operating system. Project Zero is a special division of Google engaged in the search for gaps in the defence of devices of both the "good corporation" and its competitors.

This year, two experts from Project Zero Natalie Silvanovich and Samuel Gros published another study on iPhone vulnerabilities that could potentially be exploited by hackers. The results were first presented at the Black Hat conference in Las Vegas.

“There were many rumours about vulnerabilities that do not require user interaction to carry out an attack on the iPhone, but there was practically no information about the technical aspects of this attack on modern gadgets,” the researchers said in a presentation.
The vulnerabilities reported by Silvanovich and Gros relate to sending messages, voice and email, but the largest number of complaints were made by the iMessage service.

For example, one of the vulnerabilities allows a hacker to send a pre-prepared message that tricks the iMessage server into sending an attacker the contents of the correspondence of the selected victim.
At the same time, the user has no chance to find out that he was the victim of a hacker attack. In addition, he doesn't even need to open iMessage for the hack to work. Many other vulnerabilities found by Project Zero also do not require an attacker to physically interact with the device in order to steal user data.
Information security researchers claim that six of the reported vulnerabilities were successfully patched, but some others still pose a threat to user privacy.
“In general, we found a significant number of serious vulnerabilities of a remote nature,” said Silvanovich.
As explained by, Avast senior software engineer Vojtech Bock, the above problems are mainly related to serialization and deserialization of iMessage data.
“Serialization is the process of converting data in the device’s memory into a format that can be safely sent over the network or saved. Deserialization converts the data back to its initial state in memory. 
These are quite complex processes, especially in the case of iMessage, which supports many functions and therefore is especially vulnerable to vulnerabilities, ”said Bocek.
You may also like
Such errors can be used to manually change the serialized representation of the data, which then will cause errors during deserialization.
“The deserialization errors detected by Project Zero are, for example, use after flushing or buffer overflows. They can be used to transfer user data back to the hacker. Unfortunately, some errors also affect iMessage servers and not just the application on iPhones, so data can be skipped without receiving a message on your phone, ”the Gazeta.Ru interlocutor said.
The Apple device ecosystem is indeed considered one of the most secure, but even it is not safe from intruders trying to exploit vulnerabilities. So, in July of this year, the media reported a bug in the “smart” watch Apple Watch, which allows you to listen to the user's iPhone without his consent. The error was found in the Radio application. Apple acknowledged the bug and apologized for the inconvenience.
In January, there was another scandal with wiretapping - this time it was about the popular FaceTime application, with which iPhone owners can communicate with each other.
The vulnerability found made it possible to eavesdrop on the interlocutor before he accepts the call.
At the same time, the person on the other side of the wire did not even suspect that they were listening to him. Apple executives acknowledged the vulnerability and released an extraordinary patch that protects user privacy.
At the end of last year, the New Year’s patch for the iOS operating system gave the iPhone owners a not-so-nice gift - after the update, Apple’s smartphones stopped calling and surfing the Internet. The problem concerned the version of iOS 12.1.2, which was supposed to be a small update, eliminating minor flaws. Nevertheless, before the release of the patch that fixes the problem, the iPhones of some users turned into high-tech “bricks”.

Post a Comment