21 votes

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware

15 comments

  1. [5]
    Inveigh
    This is frankly insane - being able to gain access to a device just by knowing someone’s phone number feels like something out of a teenager’s threats that he’ll “hack you so hard.”

    How do you even protect against this as an iOS user? Block all texts from unknown numbers seems like the only feasible way, but that also assumes that none of your contacts are compromised..

    11 votes
    1. [4]
      triadderall_triangle
      Disable iMessage and FaceTime for one. The issue with a lot of Apple apps is they are integrated so deeply and by taking shortcuts to the point where you get crazy outcomes like this on the reg.

      I don't think this kind of thing is possible through Signal and maybe not with WhatsApp but the stock apps are unfortunately rolling the dice. Also iCloud Calendar has similar risks.

      3 votes
      1. [2]
        MimicSquid
        Even Signal messages can be compromised if the user is using a third-party keyboard app, as is semi-common in non-Latin alphabet languages.

        1. triadderall_triangle
          I'm actually referring to how an exploit in Signal would likely be limited to effects more isolated to Signal/its sandbox. An Apple iMessage exploit cuts to the heart of iOS where it can do insane amounts of damage and provide an unparalleled level of malicious access to the exploiters.

          That probably wouldn't be possible if iMessage was treated with the level of distrust Apple treated non-Apple apps. That is to say, if the standards were consistent for everyone, including Apple, I doubt we would see such severe exploits. It's like that horror movie trope "The call is coming from inside the house" 😱

          1 vote
      2. ButteredToast
        I'm not sure it's so much taking shortcuts that's getting them in trouble as it is trying to be efficient. macOS has been known for example to use OpenCL and later Metal to accelerate QuickLook document previews so they render as quickly and with as little battery impact as possible. Unfortunately that's pretty low level and difficult to properly wall off from the rest of the OS without rendering much of the performance improvements moot.

  2. [2]
    unkz
    A pretty wild exploit with who knows how much reach. I wonder who else has been targeted?

    4 votes
    1. mild_takes
      I'm pretty sure this exact type of thing is what NSO was able to do with Pegasus. NSO sold that to various governments across the world. Remember that journalist the Saudi government killed? Pegasus was found on his fiancée's phone. Source

      5 votes
  3. [3]
    Comment deleted by author
    1. [2]
      Moonchild
      yes. also 'lockdown mode'

      2 votes
      1. vagueallusion
        Purely anecdotal:

        When I disabled iMessage on my work phone 4 months ago I experienced undelivered SMS and MMS communications, both incoming and outgoing. No failure notice or anything just ghosted.

        It's possible this could have been overcome with deeper configuration or even just waiting it out but if you do this be prepared for possible lost texts.

  4. [7]
    Comment deleted by author
    1. [2]
      Moonchild
      um, no. look at a cve list for any other high-profile internet-connected software (especially eg browsers), and you'll see the same thing. apple is reasonably well-regarded, security-wise, and at least historically much better than android (it may have caught up in the last few years; haven't looked too closely). there are structural issues, but not more so than in other software, and that is more an indication that software development is hard than that anyone is behaving maliciously or incompetently; and, further, they have been public about structural efforts to build mitigations for security issues (esp. in webkit).

      5 votes
      1. edenist
        I don't know how anyone can keep a straight face while talking about the security of a completely proprietary piece of software. The only eyes on the source are Apple's, so we have no way of properly verifying what is going on there. And believe me, I'm no fan of Google either, this isn't about brand loyalty or anything like that. I am just suspicious by default of any software whose source cannot be verified, and repeated zero-click zero-days in Apple's software seems to support said suspicions.

        1 vote
    2. [3]
      RedHawk
      But then again, that just tells me Apple products shouldn't be trusted...

      I feel like that is a bit of a stretch. Apple has always been very open and upfront about NOT cooperating with police and other federal agencies in accessing phones etc. Why would they start helping out the government hack into a foreign national's iPhone? Also, this particular case targets iPhones, who is to say there aren't cases where it is targeting Androids as well?

      2 votes
      1. triadderall_triangle
        As much as I'd like to assume good faith, things like iMessage seem to get closer and closer to being the "skeleton key" that was requested years ago by LE. A chat app should not be able to weaponize the rest of your phone against you in the way demonstrated by past events.

        Apple would not have tolerated any other app/service having that level of access and ability to modify to such a high privilege level. The hack against it was incredibly sophisticated so their moral blameworthiness is slightly reduced but the original argument stands that they should not be giving special treatment to their code.

        If anything, they need to scrutinize their apps even more scrupulously to compensate for their natural bias. A guy was brutally murdered over this and that can't be allowed to repeat. Not if they want to be a serious big-boy smartphone company that isn't dooming their customers to unmitigated spying/stalking/and worse.

        1 vote
      2. edenist
        For all we know they've received an NSL, have been compelled to cooperate and are not allowed to comment publicly on the matter at all. And you're right, no doubt the OEMs for android devices have similar "agreements" with government agencies as well.

    3. m-p-3
      I wouldn't be surprised if Android devices had the same kind of APT that are yet to be discovered and currently going wild.