Posted on January 12, 2020 at 5:01 PM
Although Apple iPhones are known to be secure devices, they are still vulnerable to hacking. A few days ago, Google’s security team just revealed how it could be easy for hackers to access users’ iPad or iPhone without their knowledge.
With just the user’s Apple ID, Samuel Groß remotely hacked into a user’s iPhone, revealing emails, text messages, and passwords within minutes.
The security expert and his team discovered a single vulnerability referred to as CVE-2019-8641 and used it to explore hacking options. They also activated the camera and microphone of an Apple iPhone while the user was completely unaware.
What this means is that a user doesn’t need to click a malicious mail or link before his or her iPhone could be hacked. Hackers can get access to a user’s iPhone and personal details without any inviting action from the user.
Nature of CVE-2019-8641 vulnerability
The name “CVE-2019-8641” may sound like the batch number of a product. But it’s the name of the vulnerability that allowed Google’s Groß to have access to an iPhone using the user’s Apple ID. The vulnerability was first reported in July last year but was published the following month. It was part of the joint venture project between Natalie Silvanocich and Google’s Groß.
The vulnerability was handled initially on August 26 last year when Apple released the iOS 12.4.1 update. But it was completely fixed during the iOS 13.2 update on October 28 last year.
No need to worry about the vulnerability
As stated earlier, the weakness that led to the hack has already been fixed. So, there is no need for iPhone users to panic over the issue. Apple has since made iOS updates to correct the weakness. However, those who have not applied the update could still be vulnerable to a similar attack. So, users must update their iPhones as soon as possible.
Project Zero also discovered other vulnerabilities
Apart from the iPhone vulnerability, Google’s Project Zero team discovered other various security leaks last year. For instance, the security experts revealed that there was a weakness in Apple’s iMessage, which could make an iPhone ineffective and force a factory reset.
Similarly, there was a vulnerability discovered in July last year. The weakness can allow a hacker to read through an iPhone file without the attacker having physical control over the iPhone.
Groß team still under intensive security research
Project Zero provides more information about the research the Groß team is undergoing. The research is aimed at improving the overall safety and security of iPhones. According to Google, the research team was set up at a hacking conference last year, and the group has made very important findings that have improved the security of iPhones.
The security researchers also have a blog where they discussed a data ransom security software known as ASLR. According to the team, the security software was installed to provide a shield against hacking exploits. However, the shield is not very potent and can be easily bypassed with malware.
Groß wants Apple to implement stricter security measures
Groß is asking Apple to be more proactive and intensive in the implementation of new security measures on its products. The team reiterated that according to the research, iPhone users could have been exposed to very dangerous hacking attempts if lapses were not discovered and corrected on time.
The team said that hackers would always be looking for vulnerabilities, even in the most secure places. Groß said that enough security codes should be implemented on user interaction, particularly when users are receiving messages from unknown senders.
As advice to users, Groß said that users should guide their Apple ID jealously. They should never share it with others, no matter how close they are. The team pointed out that even if the third party is completely trusted, they cannot be trusted to be very careful.
Also, if the user discovers their ID is missing, it’s important to quickly backup their data and consider getting a replacement as quickly as possible. According to Groß, that’s the only way to keep data safe and ensure that hackers don’t get to the user when they discover any vulnerabilities.