GOOGLE hackers have been at it again. They have found, they say, 10 new ways that the Apple iPhone can be hacked without them being touched and even without users ever knowing.
Last year the Google Project Zero team said they found 30 different iOS vulnerabilities. The project is an elite team of programmers formed with the aim of finding vulnerabilities in Google’s own systems as well as rivals’.
It has to be said that the iPhone is one of the most secure consumer devices on the market, but that hasn’t stopped Project Zero finding flaws hackers could exploit – although Apple has since fixed all of the problems highlighted.
The team’s Natalie Silvanovich and Samuel Gross presented a report exposing these flaws at the Black Hat hacking and security conference in Las Vegas.
In a presentation they said: “There have been rumours of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices.”
iMessage, the default messaging app on iOS and Mac devices, suffered from the largest number of important bugs although services like text messaging, visual voicemail, and email could also be compromised.
One of the iMessage vulnerabilities would allow a hacker to persuade the iMessage server into showing user text messages, including images. The user would never see the message and wouldn’t even need to open the app. They would be completely unaware they had been targeted.
In other scenarios text messages could be used as a gateway to plant malicious code on a device.
Silvanovich said: “Overall, the number and severity of the remote vulnerabilities we found was substantial. Reducing the remote attack surface of the iPhone would likely improve its security.”
However, she added that overall iOS security is high and to stay protected the best course of action is to make sure all latest updates are installed.