Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Apple iPhone May Be Vulnerable To Email (Mail) Hack

Sophisticated nature of the attack means users may not realize they have been hit, ZecOps researchers conclude. Apple iPhone May Be Vulnerable To Email (Mail) Hack

Sophisticated hackers may be attacking Apple Inc. AAPL 3.22% iPhones by exploiting a previously unknown flaw in the smartphone’s email software, according to a digital-security company that has investigated the incidents.

Attacks on the devices that traditionally have enjoyed a solid reputation for safeguarding personal data date back at least two years and would have been virtually undetectable by victims, Zuk Avraham, chief executive of ZecOps Inc., the San Francisco-based cybersecurity company that detected and analyzed the hacks.

The intrusions are hard to detect because of the sophisticated nature of the attack, and Apple’s own security measures, which can sometimes make investigating the devices a challenge, according to ZecOps.

Typically phone hacks require a user to take a specific action to download malware, such as clicking on a message, or visiting a website. In this case, hackers have found a way to install malicious software without the recipient doing anything. The bug could leave a large number of iPhone’s open to attack, though researchers say it doesn’t appear to have been widely deployed at this point.

Hackers would send a specially crafted email message to gain access to the recipient’s device, said Mr. Avraham, a well-regarded figure in the tightknit community of iPhone security experts. The bug is triggered when the message is downloaded by the phone’s email reader, without further action by the recipient, he said.

ZecOps based its analysis on digital clues left after an attack within the iPhone’s operating system, rather than the malware itself. The company was unable to obtain the malicious code because the emails used to launch the attacks had been deleted from victims’ devices, Mr. Avraham said.

The attack marks the latest setback for Apple iPhone security, which had long been considered the gold-standard for protection of customer data on smartphones. The iPhone’s reputation has suffered over the past year as security researchers have uncovered a series of attack tools—called exploits—that can be used to gain unauthorized access to the iPhone by leveraging bugs in the phone’s software. Hackers typically use exploits to install software on the phone that can then download emails, messages, photos and other sensitive information.

Apple appears to have taken steps to fix the flaw. The U.S. tech giant has patched the mail bug in a test version of its iPhone operating system, but the fix hasn’t yet been widely released through an official IOS update, Mr. Avraham said.

The fact that the patch isn’t broadly available gives users few options to protect themselves from the attack. Mr. Avraham said he has deleted his mail app, out of an abundance of caution, but Mr. Wardle says he doesn’t recommend the practice, given that the attack isn’t believed to be widespread, at present.

ZecOps so far identified six targets for the attacks based on the email vulnerability, whom Mr. Avraham declined to name. They include, he said, employees of a telecommunications company in Japan, a large North American firm, technology companies in Saudi Arabia and Israel, a European journalist and an individual in Germany.

The ZecOps evidence of continuing attacks is compelling, although short of being definitive, said Patrick Wardle, a security researcher at mobile-security company Jamf Software LLC, who has examined ZecOps report on the bug. But it does show that Apple has a serious security issue that needs to be fixed, he said.

Since the iPhone’s introduction in 2007, Apple has spent millions of dollars developing and promoting it as a secure computing device. Experts such as Mr. Wardle consider it to be the most secure consumer device built today.

Still, on Tuesday, Reston, Va.-based security firm Volexity Inc. said that between January and March of this year, hackers had placed a new exploit on websites serving China’s minority Uighur community, a group some Western officials say are being persecuted by Beijing, a charge the Chinese government denies. The company fixed that flaw last summer.

The data vulnerability Volexity found leveraged a flaw in Apple’s browser. For it to work, the user would have to have visited a website controlled by the hackers while using a mobile phone that was running an older version of Apple’s operating system, including IOS 12.3, 12.3.1, and 12.3.2 software. Apple patched the flaw in version 12.4. Apple currently has deployed IOS version 13.4.1.

On its website, Apple says that about 30 percent of users aren’t using the latest version of its IOS. Many of these users would be vulnerable to this attack, said Steven Adair, Volexity’s founder.

An Apple spokesman declined to comment on the Volexity research.

The attack echoes an earlier weakness in iPhone security that Google researchers disclosed in August. Those attacks infiltrated the smartphones of people who visited a small group of hacked websites. The attack code Google’s researchers uncovered took advantage of a total of 14 iPhone bugs. At the time, Apple said that the attacks uncovered by Google weren’t widespread, affecting “fewer than a dozen websites that focus on content related to the Uighur community.”

Because mobile phones contain some of their owner’s most sensitive information—their photos, contacts, text messages and even details of their movements—it is particularly worrisome when they are hacked, Mr. Adair said.


Related Articles:

Google Hack Requires That You Updated Chrome Browser Now To Version: 81.0.4044.113

Privacy-Oriented Browsers Gain Traction (#GotBitcoin?)

Can Blockchain Technology Counter US Anti-Message Encryption Bill? (#GotBitcoin?)

Chinese Military Turns To U.S. University To Conduct Covert Research

CIA Has Had Keys To Global Communication Encryption Since WWII

Hostile Spies Target U.S. With Cyber, Encryption, Big Data, Report Finds

Hackers Stole And Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms

Ex-CIA Engineer Goes On Trial For Massive Leak

Multi One Password (Portable App)

After He Fell For A $40K Phone Scam, His Bank Offered To Help—If He Stayed Quiet (#GotBitcoin?)

Your PGP Key? Make Sure It’s Up To Date

Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince

Major Companies Shared Vulnerability Used In Travelex Cyberattack (#GotBitcoin?)

Microsoft Releases Patch To Patch Windows Flaw Detected By NSA

VPN Tier List 2020 (Comparison Table)

SEC Market-Surveillance Project Hits Snag Over Hacker Fears

Inside China’s Major US Corporate Hack

Twitter Bug Exposed Millions of User Phone Numbers

U.S. Cyber Officials Give Holiday Shopping Advice For Consumers

Is Cayla The Toy Doll A Domestic Spy?

Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.

Which Password Managers Have Been Hacked?

DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation

Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.

Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)

Should Consumers Be Able To Sell Their Own Personal Data?

Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)

Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)

Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)

Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)

Take A Road Trip With Hotel Hackers (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Hackers Target Loyalty Rewards Programs (#GotBitcoin?)

Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)

IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)

IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)

Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)

Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)

3-29-2019 FBI Retools To Counter Cyber Threats, 4-12-2019 Thousands Of FBI Personal Data Is Stolen (#GotBitcoin?)

Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)

Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply