Secret iPhone hacks that Apple still can’t stop.

It is a shocking revelation: the Bahraini government allegedly bought and deployed sophisticated malware against human rights activists, including spyware that required no interaction from the victim. But as disturbing as this week’s report from the University of Toronto’s Citizen Lab is, it is also becoming increasingly familiar.

These “zero-click” attacks can happen on any platform, but high-profile hacks show that attackers have exploited vulnerabilities in Apple’s iMessage service. Security researchers say the company’s efforts to address the issue are not working, and that the company could take other measures to protect its most vulnerable customers.

Interactionless attacks against the current version of iOS are still extremely rare, and are used against a small population of high-profile targets around the world. In other words, the average iPhone owner is unlikely to encounter them. But the Bahrain incident shows that Apple’s efforts to reduce the risks of iMessage for its most vulnerable users have not been entirely successful. The question now is how far the company is willing to go to make its messaging platform less of a liability.

Patrick Wardle, a longtime MacOS and iOS security researcher, says: Is.” Send it from any part of the world at any time and kill you.

Apple made a push to comprehensively address iMessage zero-clicks in iOS 14. The most notable of these new features is BlastDoor, a type of quarantine ward for incoming iMessage communications that aims to remove potentially malicious components before they reach the iOS environment. But the interactionless attacks keep coming. Both this week’s Citizen Lab findings and research published in July by Amnesty International specifically show that a zero-click attack can defeat BlastDoor.

Apple has not issued a fix for this particular vulnerability and related attack, which Amnesty International has called “Megalodon” and Citizen Lab has called “ForcedEntry.” An Apple spokesman told WIRED that the company intends to tighten iMessage security beyond BlastDoor, and that new defenses are coming with iOS 15, which is likely to come out next month. But it is unclear what those further protections will be, and in the meantime there seems to be no defense against the BlastDoor-defeating hack that both Amnesty International and Citizen Lab have observed.

Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement: “Attacks like those described are extremely complex, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While this does not mean that they are a threat to the vast majority of our customers, we continue to work tirelessly to protect all of our customers.”

Security researchers say the many functions and features of iMessage make it difficult to defend. Its “attack surface” is massive. Under the hood, behind those green and blue bubbles, handling photos, videos, links, memos, app integrations, and more requires a lot of code and jerry-rigging. Every feature, and every interaction with another part of iOS, creates a new opportunity for attackers to find flaws they can exploit. Since the rise of iMessage zero-clicks a few years ago, it has become increasingly clear that an epic redesign will be needed to comprehensively reduce the service’s vulnerabilities.

Short of a full overhaul, though, Apple still has options for dealing with the latest iMessage hacks. Researchers suggest that the company could offer special settings so that vulnerable users can choose to lock down the Messages app on their devices. This could include an option to completely block untrusted content such as images and links, and to prompt users before accepting messages from people who are not in their contacts.
