Ian Beer of Google’s Project Zero recently posted an article describing a vulnerability in iPhones that allows remote exploitation. A simple video he posted on YouTube really demonstrates the terrifying scope of this vulnerability. In it, 26 iPhones of various types are laid out on the floor, with a laptop in shot that has some additional peripherals strapped to the top. The user executes a command and all of the iPhones reboot.
It’s a powerful demonstration of the hack, but a power-cycle isn’t too big of a deal, right? Wrong. Unfortunately, the same remote exploit can be used to run code on the devices, steal data, implant software and, presumably with some work, do just about anything you can imagine.
While Apple have released a patch for this vulnerability in their latest iOS release, it’s just another example of how an “Assumed compromised” stance is the safest option for systems when it comes to information security. As devices become more and more sophisticated, they also become more complicated, which in turn introduces additional attack vectors. When you have millions of iPhone users as potential targets, the rewards for discovering and using vulnerabilities become high, and so we end up with criminals finding chinks in the armour.
More worrying about this particular exploit is that it was discovered by a single – admittedly very talented – security researcher working on his own in his bedroom. I wonder how many security vulnerabilities have been discovered by state-funded teams of researchers with access to the best resources? As we saw from the ShadowBrokers release of tools purported to be from the NSA, state-sponsored teams likely have an arsenal of exploits to take advantage of unpublished vulnerabilities and, as we saw with WannaCry, if these escape into the wild, it can be very, very bad.