'Interactionless' iOS Bugs And AirDrop Flaw Found On Apple, Researchers Said

Competitors are business rivals, but that doesn't mean one should stay quiet when vulnerabilities are found on a competing platform.

Google, the tech giant, is Apple's biggest rival. Even so, Natalie Silvanovich and Samuel Groß, two researchers working at Google Project Zero, have initially published details and demo proof-of-concept code for five of the six bugs they found in iOS.

Four of these bugs can lead to the execution of malicious code on remote iOS devices.

This kind of bug is called "interactionless" because it makes it possible for attackers to hijack a user's iPhone via iMessage without any significant user interaction.

All an attacker needs to do to perform the attack is deliver a malicious message and entice the recipient into opening and viewing it.

According to Silvanovich:

"There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices."

"This presentation explores the remote, interaction-less attack surface of iOS. It discusses the potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail, and explains how to set up tooling to test these components. It also includes two examples of vulnerabilities discovered using these methods."

In a separate finding, researchers from the security firm Hexway found flaws involving Bluetooth Low Energy (BLE) that can potentially leak an iPhone's information to people in the vicinity.

All an attacker needs to do is build a database of phone numbers for a specific region. Using a specialized script, the attacker can then collect information on users whenever they try to AirDrop a file.

The iPhone information that can be retrieved this way includes the device name, whether or not it is in use, its Wi-Fi status, the iOS version it is running, and information about its battery.

The root of the flaw is that whenever an iPhone's BLE is turned on, it broadcasts these details to anyone within range.

When a user is using AirDrop to share a file, the device is essentially broadcasting a partial SHA256 hash of the phone number. In the case that Wi-Fi password sharing is in use, the device is also sending partial SHA256 hashes of its phone number, the user’s email address, and the user’s Apple ID.

While only the first three bytes of each hash are broadcast, the Hexway researchers said that this small amount of information is already enough to recover the phone's full number.
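The reason three bytes of a hash are enough is that a phone number is a low-entropy value: a region's numbering space is small enough to hash exhaustively, and a 24-bit prefix (16,777,216 possible values) is wide enough that each prefix maps back to very few numbers. The following script, an added illustration and not code from Hexway, Apple or the researchers quoted here, shows the effect on a constructed toy space of 10,000 numbers and contrasts it with a keyed hash under a secret the observer does not hold, against which no such table can be precomputed. The exact byte encoding of the phone number that the real devices hash, the `+1555…` sample numbers and the `SAMPLE_KEY` are assumptions made for the example.

```python
import hashlib
import hmac

PREFIX_BYTES = 3  # the article says only the first three bytes of the hash are broadcast


def hash_prefix(identifier: str, nbytes: int = PREFIX_BYTES) -> bytes:
    """Unkeyed SHA-256 over the identifier, truncated like the broadcast.
    The encoding of the number (ASCII digits here) is an assumption; any
    fixed, public encoding has the same weakness."""
    return hashlib.sha256(identifier.encode()).digest()[:nbytes]


def keyed_prefix(identifier: str, key: bytes, nbytes: int = PREFIX_BYTES) -> bytes:
    """Contrast: HMAC under a secret a passive observer does not have.
    Without the key the observer cannot precompute a table of candidates."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).digest()[:nbytes]


def build_lookup(identifiers, nbytes: int = PREFIX_BYTES) -> dict:
    """Map each truncated hash to the identifiers in the space that produce it.
    This is the precomputation the article describes, run over a toy space."""
    table: dict = {}
    for ident in identifiers:
        table.setdefault(hash_prefix(ident, nbytes), []).append(ident)
    return table


def candidates_for(table: dict, prefix: bytes) -> list:
    """Identifiers consistent with an observed prefix (empty if none match)."""
    return table.get(prefix, [])


def expected_candidates_per_prefix(space_size: int, nbytes: int = PREFIX_BYTES) -> float:
    """Average number of identifiers sharing one prefix if hashes spread evenly:
    space_size / 2^(8*nbytes). A value near or below 1 means an observed prefix
    usually identifies a single number."""
    return space_size / float(2 ** (8 * nbytes))


# Constructed sample data: a toy numbering space of 10,000 numbers.
SAMPLE_NUMBERS = [f"+1555{i:04d}" for i in range(10_000)]
SAMPLE_KEY = b"constructed-device-secret"  # hypothetical, not a real device key


if __name__ == "__main__":
    table = build_lookup(SAMPLE_NUMBERS)
    target = "+15550042"

    seen = hash_prefix(target)
    print("observed prefix", seen.hex(), "->", candidates_for(table, seen))

    # Scale the toy result up to a region-sized numbering space.
    print("expected candidates per prefix for a 10M-number region:",
          round(expected_candidates_per_prefix(10_000_000), 3))

    # Same number, keyed hash: the unkeyed table yields no useful match.
    keyed = keyed_prefix(target, SAMPLE_KEY)
    print("keyed prefix", keyed.hex(), "->", candidates_for(table, keyed))
```

The design point is that truncation is not what protects the number: 24 bits of an unkeyed hash over a guessable input is a lookup key, not an anonymizer. Linkability only disappears when the hash depends on something the observer cannot enumerate, such as a per-session secret or a key shared with the intended peer.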

Apple has long been renowned for its approach to security, from its heavy scrutiny of App Store submissions, to the way iOS works, to a business model that doesn't rely on user data for revenue.

Apple also promotes its products as easy to use. For example, iPhone users can easily locate a lost phone, share a Wi-Fi password, and use AirDrop to send files to other nearby devices.

But these two security issues show that even the most prominent company that doesn't "spy" on its users can still be a concern for people who choose Apple products to evade Google's trackers or for other privacy reasons. The issues are also yet another illustration of how user-friendly features can conflict with security.

For the first issue, Apple's iOS 12.4 security update, released on July 22, protects users against five of the exploits. The remaining one was not sufficiently addressed by Apple, which led the Google Project Zero team to initially withhold its findings on that bug.

As for the second issue, the information disclosed over Bluetooth may not matter much in many settings, such as for users sharing files at home or in an office where everyone knows everyone else.

But the flaw becomes a real privacy concern when these features are used in public places.

Published: 02/08/2019