Published on April 25th, 2020 📆 | 1891 Views ⚑4
This iOS APP Is Putting Your iPhone At RISK
#iphonehack #cybersecurity #iOShack If you own an iOS device (iphone or ipad) you may be at risk to hacking. Hackers have found vulnerabilities in Apple’s iOS operating system. In this video I will explain what these vulnerabilities are and what you can do to prevent yourself from being a victim to these hackers. Following a routine iOS investigation, ZecOps; a company based in San Francisco which specialises in cybersecurity, found a number of suspicious events that’s affecting the default Mail application on iOS, dating as far back as January of 2018.
ZecOps analyzed these events and discovered an exploitable vulnerability affecting Apple’s iPhones and iPads. This works by the attackers sending a seemingly blank, but specially crafted email to a victim’s mailbox, enabling it to trigger the operating system’s vulnerabilities through the iOS mobile mail application.
The email would crash the app, forcing the user to reboot their device. During the reboot, hackers would then be able to access information on the device such as contact details, photos, confidential messages and whatever information the mail app had access to. Even more alarming is the fact that when this happens, the emails that trigger the hack are nowhere to be found. ZecOps believe this is done by the hackers to cover up their tracks.
According to ZecOps, one of the victims of this hack is a client from a Fortune 500 North American technology company. Other victims were: An executive from a carrier in Japan, A VIP from Germany, Managed security service providers in Saudia Arabia and Israel and a Journalist in Europe. An executive from a Swiss enterprise is also suspected to have been a victim of this hack.
In an interview with motherboard, former Israeli Defense Force security researcher and CEO of ZecOps, Zuk Avraham said they concluded with high confidence that the attacks were exploited in the wild-meaning they are affecting real world users as opposed to test systems.
He further stated that one of the vulnerabilities, is what’s known as a remote zero-click. This kind of attack is especially dangerous because it can be used by an attacker against anyone on the internet, and the target gets infected without any interaction—hence the term zero-click. These vulnerabilities are known as zero-days.
Vulnerabilities or exploits called zero-days are bugs in software or hardware that are unknown to their manufacturers and can be used to hack targets. They can be particularly effective attacks because they use flaws that are not patched yet, meaning there’s no code deployed to specifically defend against them.
ZecOps said after being alerted to suspicious crashes on their customers iphones last summer, they reproduced the results of the hack in their lab to verify their findings. ZecOps said that:
All tested iOS versions are vulnerable, including iOS 13.4.1.
Based on their data, these bugs were actively triggered on iOS 11.2.2 and potentially earlier.
They also stated that
iOS 6 and above are vulnerable.
Thanks so much for viewing. It would mean a lot to me if you could subscribe to my channel. Below are links to my social media accounts:
The economic times