Gabi Beltram Media Manager, The Pawprint
At a recent Black Hat cybersecurity conference- which trains hackers, corporations, and government agencies. It was shown how easy it is to take over your iPhone. Hackers can use iMessage and Safari to gain access to your phone without any human interaction.
In the past, the most common way of gaining access to your phone had been by receiving a false website link through iMessage or getting you to download disreputable apps. Now a more sophisticated and unavoidable way is to simply receive a message, which can allow hackers to gain access to your device.
A hacker can send a specific message to your phone, which the device will receive and send some of your ‘user data’ (for instance: messages and images), back in return. This can then allow the hacker to dig further. You wouldn’t even have to open the message for it to work.
WebKit, a browser engine and the building blocks behind Safari and all iOS browsers is another way into your device. Its fundamental code has many exploitable bugs that aren’t fixed fast enough. Apple doesn’t allow for other browsers on the phone to use their own coding and they are all forced to use Apple’s WebKit, which means that all the browsers available on your device are basically Safari with a different look.
According to Linus Henze- an independent security researcher, “Apple trusts their own code way more than the code of others, they just don’t want to accept the fact that their code is made up of many bugs too.” Apple is working to combat these issues but this begs the question, should Apple start trusting other developers more? Or should they just stick with the potential for mass cyber security attacks?