Not that invincible: Apple and the latest cyber security threats

latest cyber security threats

How do deal with cyber security threats?

All of us faced some flaws in the operation of our devices: high CPU consumption, lower performance, privacy issues, malware, etc. Some of us even compare AVG and Avast antivirus or utilize some identity theft protection services to guarantee one’s online security. Still, there are the things we can’t influence, and everything we can do is to look at the tech giants and cyber security experts who try to eliminate considerable privacy problems. So, let’s dive into the latest Apple cyber security threats.

Experts reported the iPhone and iPad vulnerability due to a problem in the mail app

Cybersecurity experts have discovered vulnerabilities in Apple’s email app. According to them, these flaws have been present in the app since 2012 and allow hackers to steal data of iPhone and iPad users.

Apple’s email app has vulnerabilities that allowed hackers to steal information from different company devices. This conclusion was reached by cybersecurity experts of the ZecOps, who warned the manufacturer about the detected bug.

According to experts, this flaw existed since September 2012. Experts have identified several cyber attacks that have been carried out using these vulnerabilities. The first of them took place in January 2018, but the ZecOps assumes that similar attacks could have occurred before.

Due to the shortcomings, hackers could send letters with a special attachment, which caused a short failure in the operating system of smartphones or tablets. It allowed hackers to steal user data, including photos and contact details. The ZecOps also claims that the mail app hacking technique was used against users from North America, Japan, Germany, Saudi Arabia, and Israel.

The representative of Apple acknowledged the existence of a mail app bug, specifying that the company is preparing an update that will eliminate the vulnerability. At the same time, the representative of Apple did not comment on the investigation of ZecOps and reports that hackers could take advantage of vulnerabilities.

Google experts reveal “unprecedented” iPhone hacking 

Researchers from Project Zero (Google-based “white” hackers who look for bugs and holes in popular technologies regardless of the manufacturer) found that intruders had the opportunity to hack other people’s iPhones for at least two years due to vulnerabilities of the iOS, The Guardian writes. The publication calls it an “unprecedented” hacker attack and notes that “thousands of users a week” could have suffered.

One of the researchers of Project Zero Ian Beer published details about the identified attack. According to him, the attackers used infected sites and 14 vulnerabilities in iOS to hack iPhones. A simple visit to an infected site was enough for the server you used to attack your device and, if successfully hacked, install a program that tracks your activity.

Ian Beer explained that in case of successful hacking, the malware was installed on the iPhone and stole user files. As a result, hackers received data about the location of the device owner, access to his “Key Bundle,” which contains all passwords, the messages history in messengers WhatsApp, Telegram, and iMessage, the list of contacts in the phone and in Gmail. According to Beer, detecting malware was difficult because the usual reboot of the device immediately removed the virus. But also in a few minutes, it appeared on the devices, and the program managed to collect personal data again.

Google reported that it notified Apple of the identified problems on February 1, after which Apple released an operating system update, eliminating vulnerabilities. As The Guardian notes, Project Zero researchers are known for their tough approach to disclosure – they publicly disclose details about the vulnerability 90 days after reporting it to the technology developer – even if it fixes the error by then.

Apple declined to comment. According to the Financial Times, the identified attack was a new blow to the company’s reputation as a manufacturer of protected devices after the scandal with wiretapping users through Siri. 

The FT writes that Apple is trying to distance itself from privacy concerns faced by its Silicon Valley neighbors, Facebook, and Google. Previously, analysts stated that they consider smartphones iPhone and iOS safer than competitors. For this reason, the information disclosed by Google experts shocked them. 

Apple apologised for wiretapping the users through Siri

Several months ago, The Guardian reported that Apple had attracted third-party companies to listen to Siri’s requests as part of a program to improve the voice assistant. At the same time, they also received confidential information – for example, records of users discussing drugs or medical diagnoses, the newspaper wrote.

Lately, Apple suspended the program. The company promised to resume it, but we didn’t see significant changes. First, the company will allow customers to choose whether they agree to participate in the improvement of Siri. If so, only Apple employees will now be able to access the records. Second, the company will stop storing records of users’ calls to the voice assistant by default and will use computer-generated decryptions to train the assistant. Third, Apple will delete those records that appeared due to Siri’s self-activation when the user did not contact it. The company claimed that the corresponding amendments appeared in the latest update of the operating system.

The Guardian reported that Apple broke contracts with contractors who listened to Siri requests, resulting in hundreds of people losing their jobs. Earlier, the company told the newspaper that third-party firms working under the contract received only a small part of requests – less than 1% of all calls to Siri for the day. In addition, the recordings typically only lasted a few seconds and were impersonal.

Bottom line

As we can see, no one is immune to mistakes, not even technical giants like Apple. Still, one question remains open: how do such big technology companies, having almost endless opportunities, allow such unfortunate slips? We will never know.

What do you think about it?