Why iOS Is Suddenly So Vulnerable: Apple iPhone Not as Secure as You Thought #Part2



Could Apple do more to improve the security of its premium-priced products?


As iOS developed over the years, it became more and more complex and difficult for cybersecurity researchers to navigate. Over the past few years, the attack surface of iOS has significantly expanded, and fully remote attacks on iOS are starting to become commonplace. The first major remote privilege escalation attack on iOS made headlines in summer 2016, when a US-based company used three separate vulnerabilities to build spyware to target a political dissident in the United Arab Emirates.




The spyware was completely interactionless: if you received a malicious message through iMessage, even without opening it, you would immediately give the adversary access to your iPhone.

The exploit could access users' messages, calls, email, contacts, calendar and unencrypted data from WhatsApp, Viber, Gmail, Facebook, Skype and others. The exploit would automatically update itself to stay supported alongside iOS versions, and researchers think it is still used against iPhone users throughout the world.



Earlier last summer, Project Zero was evaluating the remote attack surface of the iPhone and found a total of 10 vulnerabilities, most of them in iMessage. iMessage has very complex source code, a lot of which contributes to the app's attack surface while carrying no benefit to users. At the Black Hat security conference in Las Vegas, researcher Natalie Silvanovich presented several zero-click iMessage exploits, some of which were still zero-day at the time.


It was revealed that iMessage was still vulnerable to full remote, interactionless takeover through a malicious message, just like it was in 2016. Bugs like these are difficult to spot and yet easy to exploit, and the blame is on the app's complexity: with so many features like emoji, file rendering and integration with other apps like Apple Pay and iTunes, it is easier to make development mistakes and introduce vulnerabilities.

Apple's decades-long strategy has been to keep its ecosystem locked down and closed source, but when it comes to security Apple is shooting itself in the foot. There are many researchers who would like to help strengthen iOS security, and some even make a business out of it, but because all core components are closed source and kept secret, it is hard for security researchers to analyze them.



Initially, Apple managed to keep iOS secure thanks to its lockdown and uniformity. Over the years, that created a digital monoculture: if somebody finds an exploit chain for iOS, chances are it will work on all iPhones running that version of iOS. Android, which has traditionally been mostly open source, used to be riddled with bugs and severe security issues, but it has vastly improved in recent years because an open architecture invites more eyes to review and improve the source code.



Android, while still having a stockpile of its own vulnerabilities, mitigates the problem of universal exploits through the diversity of its ecosystem. Almost every brand of smartphone ships a modified version of Android, and an exploit working on one phone could be completely useless on the others. The walled garden design is a clever business strategy and it is convenient for users, but it also puts all their eggs in one basket.


MUST-READ: Remote Exploit: Apple iPhone Not as Secure as You Thought #Part1


Apple makes it difficult or impossible to change or delete any of the default apps. Users cannot diversify their devices enough, and this uniformity among Apple users simplifies the job for attackers.


All of this manifests itself on the market as well. There are businesses that broker exploits for various software and operating systems. One such malware broker, "Zerodium", now offers to buy an interactionless zero-day exploit for Android for $2.5 million, while the equivalent for iPhone costs $2 million.



The supply of iPhone zero-day exploits is growing so rapidly that, for the first time in history, the market is willing to pay more for an Android exploit than for an iOS one. The broker says it even had to refuse some iOS exploits because the market was so flooded with them.



"Zerodium" also decreased rewards for zero-click exploits on iOS from $1.5 million to $1 million. The primary clients of malware brokers are governments and state-sponsored adversaries. The FBI once broke into a terrorist's iPhone, for which Apple had refused to build a backdoor, by purchasing a zero-day exploit from a grey hat hacker.


It is speculated that the Chinese attackers could also have acquired the iOS exploits from some of these malware brokers, but for the longest time Apple has been offering far less for securing its products than the rest of the market.


At the time of the 5 exploit chains, Apple offered only $200,000 for a zero-click full-chain kernel exploit, when brokers and governments offered to pay several times more. Experts in operating system security are very rare, and their talent is highly valued.


The calculus for such a researcher is rather straightforward: be ethical and get the minimal reward for your time by reporting the exploit to Apple, or get paid several million for the same work and somehow rationalize that the people you sold it to might use it against innocent civilians.


Apple is primarily responsible for securing the products it is selling to millions of customers worldwide.


Many of the exploits could have been avoided if Apple had followed rigorous code review and unit testing procedures that would have revealed those bugs to developers before they were abused by malicious adversaries and only became known afterwards.

