As iPhone users, we like to tell ourselves that we’re using the safest possible platform for handling our personal information. We’ve been told many times that the encryption and security properties of an iPhone are so secure that even the FBI can’t break into them when they’re trying to investigate a crime. The overwhelming majority of us would never have any reason to worry about the security services attempting to gain access to our devices anyway, but it’s nice to know that our data is in safe hands – or is it?
Is The iPhone’s Email App Compromised?
During the past few days, there have been allegations all over the press that the iPhone’s standard email app is wide open to hackers, and may even have been exploited already. Apple has been quick to go on the defensive, and has issued a statement saying that there’s no evidence that the newly-identified flaw has been exploited, but that hasn’t assuaged everyone’s concerns. Could it be that there’s been a gaping hole in the security protocols of the email app for a long time? If so, how likely is it that someone has been able to gain access to your phone and intercept your emails?
Before we go any further, we should note that it’s impossible to create a system that’s totally safe against hackers. Hackers will always exist, and they’ll always be in a constant process of trying to gain access to secure systems. To hackers, it’s like playing a highbrow version of online games. Just as a player has to spin the reels multiple times if they want to win money, a hacker will repeatedly attempt to crack a system until they eventually gain entry. The only real difference is that for a roseslots player, the jackpot is an instant cash payout. For a hacker, the jackpot is access to information that could eventually turn out to be far more valuable. Both games are risky, but only one of them is malicious. Apple users will be hoping that on this occasion, the house has won, and their information is safe.
While the amount of danger posed to users by the flaw is debated, the existence of the flaw isn’t. A mobile security firm called ZecOps published their own research on the matter last week, and say that the bug may potentially affect millions of people. In a rejection of Apple’s official stance on the matter, ZecOps say that they’re very confident that the issue has been used by hackers to gain access to the personal information of at least six high profile individuals. The average iPhone user won’t be of interest to hackers, but if it’s possible to gain access to the emails of one person, it’s possible to gain access to the emails of anybody. Perhaps more worryingly, at the time of writing, Apple has not yet patched the flaw. They’re working on a fix, and they hope to push the fix out to phones in the very near future, but right now, the vulnerability still exists and can, therefore, still be exploited.
ZecOps and Apple – Everything You Need to Know
News of the vulnerability has only recently reached the press, but Apple has known of it for at least a month. ZecOps approached Apple directly to report their findings, and only went to the press a month later when they felt that their concerns weren’t being listened to or addressed. Unlike some high-profile iPhone vulnerabilities of the past, this flaw doesn’t only apply to older versions of iOS. Even if your devices have updated to the latest version, the research company says that the potential for your device to be compromised still exists.
The hacking attack starts with sending you a seemingly blank email. Upon opening the email, the iPad or iPhone would crash, and hackers would then gain access to your device while it was rebooting to recover from the crash. Unlike the majority of hacking methods, there is no action required on the user’s behalf to become vulnerable. They don’t have to download a specific file or visit a specific website. As soon as the email is opened – which can be done with just a single push of a button – the attack begins, and at that point, nothing can be done to prevent it.
According to ZecOps, the attack has so far been used successfully against the owner of one of America’s Fortune 500 companies, a high-ranking employee of one of Japan’s largest mobile networks, several senior tech executives across the Middle East, and two European journalists. Apple has rejected this aspect of the claim, insisting that the company has performed its own investigation and analysis and hasn’t been able to identify any evidence that any attacks have happened. They also insist that although there is a vulnerability, it doesn’t put any of their customers at risk.
They acknowledge three specific flaws in the Mail app, but say that other security provisions on iPhones and iPads prevent the flaws from being used to gain access to data.
At the moment, there’s no way of knowing who’s right and who’s wrong. ZecOps say that they have further evidence to prove that attacks happened, but they won’t release the information until Apple has released a patch, because releasing the information may make it easier for attacks to be carried out. Apple certainly won’t want to worry its higher-value customers by admitting that their personal information might be at risk, but it would be a public relations disaster to deny that any attacks have happened and then be forced to concede that they have indeed happened at a later date. Someone in this situation is right, and someone is wrong – and ZecOps have far less to lose if they’re proven to be wrong.
This article isn’t a suggestion that everybody should abandon their Apple devices and turn to Android. Android devices have been shown to have multiple vulnerabilities of their own in the past, and it’s thought that Android systems are targeted more frequently than Apple systems. It is, however, a reminder that nothing online is ever one hundred percent safe no matter how much we like to tell ourselves it is.