Apple’s iOS has been under lens due to a few security threats it has been exposed to. Otherwise considered to be the safest OS, a tough one to crack, researchers have found ways to expose it to malicious threats. Few threats that have cropped up include the recent ones from the security firm, Check Point and Google researchers. Let us dig into them to understand their nature and severity.
In a recent study carried out by security firm, Check Point, a new class of vulnerability has been exposed. It surprises most of us as it is found in the claimed-to-be, most secure, Apples’ iOS. The findings of research say that the contacts saved on iPhones are under threat. They are bared to an SQLite hack attack which could affect the devices with malware. This class of bug is different from the usual browser threats. It is estimated to impact more than 1.4 Billion devices.
Researchers have exploited an SQLite memory corruption threat external to the browser. The technique leads to a multitude of distinct hacks, and the gravest is code execution on an iOS device. Check Point illustrated how hackers can manipulate security and infect Apple’s iOS Contacts app. When a device is under such a vulnerability attack any search of contacts triggers malicious code. The pre-condition to execute such a hack is access to the unlocked device to install a replacement for part of Contacts.
Omer Gull, a vulnerability researcher at Check Point highlighted the attack at DEF CON on August 10. “SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation,” adding further he stressed that SQLite threats should be treated “major cyber-threat.”
For newbies, SQLite, the lightweight, self-contained database engine, is used by all possible operating system (OS), be on desktop or mobile phone. Name any device and you will find it. Some of the common OS’ include Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android.
The genesis of digging into the SQLite attack started with troubleshooting the security threats exposed by backdoor password-stealing malware samples Azorult, Loki Bot and Pony.
At DEF CON show, Check Point exhibited mechanism how “cyber threats” against SQLite can be used to circumvent the iPhone’s secure boot. It easily assumes the admin control over contacts database (AddressBook.sqlitedb) existing before reboot with a scamp database — giving rise to a privilege escalation.
“We can gain administrative control of the device through the database engine that iOS uses (SQLite)… iPhone’s contacts are stored in SQLite databases and that is how a hacker gains entry,” said Gull. “Any code, web or native, querying an attacker-controlled database might be in danger,” the researcher said.
The demo replicated the scenario of a crash in application but they claimed that they could have designed it to steal passwords as well. “We established that simply querying a database may not be as safe as you expect,” researchers said. “We proved that memory corruption issues in SQLite can now be reliably exploited.”
As of now, Apple has not commented on Check Point’s report though they have been informed about the same.
Another critical security flaw had come to the fore in secure iOS’ iMessage. ZDNet has reported that Google’s Project Zero bug-hunting team of Natalie Silvanovich and Samuel Groß have discovered 6 critical threats. Out of these 6 malicious vulnerabilities, the nature of 4 threats exposes your phone to a hacker through an infected message. They have been fixed and released as a patch.
The reported bugs fall in the category of “interactionless” threats. In other words, they can be administered remotely on an iOS device without the need for firsthand interaction with the recipient’s phone. In common man’s language, a hacker just needs to send an iMessage to you and wait for you to open it. Even without communicating, as soon as you open the harmless-looking message, he gets access to your phone. This he does by sending a malicious code on your iOS device despite any meaningful interaction.
The other 2 suspected bugs help hackers in gaining access to the phone’s memory and reading all files remotely. These serious iOS security flaws are estimated to have sold in the black market for up to $5 million. Out of 6, details of 1 fix awaits confirmation from Apple. Rest have been fixed in iOS 12.4 update released on 22nd July. It is recommended to install the latest version of iOS so that the phone’s security is not compromised.