Although Apple iPhones are known to be secure devices, they are still vulnerable to hacking . A few days ago, Google’s security team just revealed how it could be easy for hackers to access users’ iPad or iPhone without their knowledge.
With just the user’s Apple ID, Samuel Groß remotely hacked
into a user’s iPhone, revealing emails, text messages, and passwords within
The security expert and his team discovered a single vulnerability referred to as CVE-2019-8641 and used it to explore hacking options. They also activated the camera and microphone of an Apple iPhone while the user was completely unaware.
What this means is that a user doesn’t need to click a malicious mail or link before his or her iPhone could be hacked. Hackers can get access to a user’s iPhone and personal details without any inviting action from the user.
The name “CVE-2019-8641” may sound like the batch number of
a product. But it’s the name of the vulnerability that allowed Google’s Groß to
have access to an iPhone using the user’s Apple ID. The vulnerability was first
reported in July last year but was published the following month. It was part
of the joint venture project between Natalie Silvanocich and Google’s Groß.
The vulnerability was handled initially on August 26 last
year when Apple released the iOS 12.4.1 update. But it was completely fixed during
the iOS 13.2 update on October 28 last year.
As stated earlier, the weakness that led to the hack has
already been fixed. So, there is no need for iPhone users to panic over the
issue. Apple has since made iOS updates to correct the weakness. However, those
who have not applied the update could still be vulnerable to a similar attack. So,
users must update their iPhones as soon as possible.
Apart from the iPhone vulnerability , Google’s Project Zero team discovered other various security leaks last year. For instance, the security experts revealed that there was a weakness in Apple’s iMessage , which could make an iPhone ineffective and force a factory reset.
Similarly, there was a vulnerability discovered in July
last year. The weakness can allow a hacker to read through an iPhone file
without the attacker having physical control over the iPhone.
Project Zero provides more information about the research the Groß team is undergoing. The research is aimed at improving the overall safety and security of iPhones. According to Google, the research team was set up at a hacking conference last year, and the group has made very important findings that have improved the security of iPhones.
The security researchers also have a blog where they discussed a data ransom security software known as ASLR. According to the team, the security software was installed to provide a shield against hacking exploits . However, the shield is not very potent and can be easily bypassed with malware.
Groß is asking Apple to be more proactive and intensive in the implementation of new security measures on its products. The team reiterated that according to the research, iPhone users could have been exposed to very dangerous hacking attempts if lapses were not discovered and corrected on time.
The team said that hackers would always be looking for vulnerabilities, even in the most secure places. Groß said that enough security codes should be implemented on user interaction, particularly when users are receiving messages from unknown senders.
As advice to users, Groß said that users should guide their Apple ID jealously. They should never share it with others, no matter how close they are. The team pointed out that even if the third party is completely trusted, they cannot be trusted to be very careful.
Also, if the user discovers their ID is missing, it’s important to quickly backup their data and consider getting a replacement as quickly as possible. According to Groß, that’s the only way to keep data safe and ensure that hackers don’t get to the user when they discover any vulnerabilities .