Apple touts user privacy and security as one of its biggest selling points. It has vehemently attacked Facebook and Google that are not as devoted as Apple to your privacy and security. But a known bug that Apple hasn’t fixed in four years has been exploited by security researchers to hack the Apple Contacts app and produce malicious results. The flaw puts over a billion iPhone and iPad users at risk.
Researchers at security firm Check Point demonstrated at the Def Con 2019 conference a vulnerability in the SQLite database format. They exploited the SQLite vulnerability as well as a known bug for four years to manipulate the Apple Contacts app. Searching the Contacts app under certain circumstances enables the iPhones and iPads to run malicious code, reports AppleInsider.
SQLite is the most widely used database engine in the world. Every major operating system including Windows, macOS, iOS, Android, Chrome, Firefox, and Safari use SQLite. Whenever you look up information or search for a contact on your device, you are in all likelihood searching an SQLite database.
Researchers at Check Point replaced one part of the Apple Contacts app, for which they needed access to the unlocked iPhone or iPad. Once the replacement code was inserted, they could choose what results are produced when the user searched the Contacts database. Though they decided to crash the app during demonstration, the researchers could have stolen user data and passwords using the malicious code.
How were the researchers able to insert malicious code in Apple’s closed iOS ecosystem? The Check Point researchers said that keeping the replacement code after the restart on an iOS device was “hard to achieve.” That’s because all apps and executable files are required to go through Apple’s Secure Boot startup checks.
Unfortunately for users, the SQLite database is not executable. “Luckily for us, SQLite databases are not signed,” the researchers were quoted as saying. Why is the SQLite database not signed? Because of a known four-year-old bug that Apple decided not to fix. “We proved that memory corruption issues in SQLite can now be reliably exploited,” said Check Point.
The security firm has “responsibly disclosed” its research and methodology to Apple. The Cupertino company had its own reasons for not fixing the bug despite being aware of its existence. The bug could be triggered only by an unknown app accessing the database. And iOS is a closed ecosystem with no room for unknown apps. But the SQLite is so versatile that it could be triggered in “many scenarios.”
In the absence of an unknown app, the security researchers used the Contacts app to trigger the bug. It would be interesting to see whether Apple will fix the bug or leave it as it is. Check Point’s hack works on devices running iOS 8 through the beta versions of iOS 13.
Apple remains committed to user privacy and security. But the recent revelations of serious bugs in iMessage and FaceTime emphasize that even Apple devices are vulnerable to hacking. Security researchers at Chinese internet giant Tencent demonstrated at the annual Black Hat hacker convention in Las Vegas how they managed to trick Apple’s Face ID technology in less than 120 seconds. All they needed was some tape, a pair of spectacles, and an unconscious or sleeping iPhone user.
Researchers at Google’s Project Zero program have also discovered serious vulnerabilities in Apple’s iOS software. One of the bugs allowed hackers to gain access to your iPhone or iPad by sending you a text message. Google researchers shared the vulnerabilities with the iPhone maker, which fixed most of the flaws before they were made public.
To make its operating systems more secure, Apple has announced that it would offer up to $1 million to hackers who can hack into its devices and share the details with the company. It’s the biggest bug bounty program by Apple. In the past, the tech giant used to limit its bug bounty program to only a handful of friendly hackers. But the new program is open to anyone in the world.
Cybersecurity firms such as the NSO Group demand over a million dollars from government agencies and private clients for remotely breaking into an iPhone. Apple’s new bug bounty program aims to make it more difficult for companies like NSO Group to hack into your iPhone.
