It’s a shocking revelation. The Bahraini government purchased and deployed sophisticated malware to attack human rights activists. This spyware required no interaction from victims–no clicked hyperlinks, no permissions granted—-to gain access to their iPhones. As disturbing as this week’s report from the University of Toronto’s Citizen Lab may seem, it’s also a common one. Attackers used Apple’s iMessage service weaknesses to execute these “zero-click” attacks. Security researchers say the company’s efforts to resolve the issue haven’t been working–and that there are other steps the company could take to protect its most at-risk users.Interactionless attacks against current versions of iOS are still extremely rare, and almost exclusively used against a small population of high-profile targets around the world. They are very unlikely to be encountered by the average iPhone owner. The Bahrain incident shows that Apple’s attempts to reduce iMessage risks for the most vulnerable users has not been fully successful. It is now up to Apple to decide how far it is willing to go in order to make its messaging platform less dangerous. “It’s frustrating that there is still an un-deletable iOS app that can accept data from anyone,” says Patrick Wardle, a long-time macOS security researcher. “If someone has a zero click iMessage exploit, they could just send it anywhere in the world at any moment and hit you.” Apple did make a significant push to address zero-clicks in iOS 14. BlastDoor is the most prominent feature. It’s a quarantine ward that iMessage messages are sent through to prevent them from reaching the full iOS environment. The interactionless attacks continue to come. The Citizen Lab findings this week and the July research by Amnesty International, both show that it is possible to use a zero-click attack against BlastDoor. WIRED was told by an Apple spokesperson that the company plans to strengthen iMessage security beyond BlastDoor and that iOS 15 will have new defenses. It’s not clear what those additional protections will look like, and there is no defense against the BlastDoor hack that Citizen Lab and Amnesty International both observed. “Attacks such as the ones described are highly complex, cost millions of Dollars to develop, often have short shelf lives, and are used specifically to target individuals,” Ivan Krstic, Apple’s head for security engineering and architecture, stated in a statement. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers.”iMessage’s many functions and features make it difficult to defend, security researchers say. Its “attack surface”, however, is huge. It takes a lot code and jerry-rigging underneath the hood to get all those green bubbles working smoothly. Attackers have new opportunities to exploit flaws in every feature and interconnection that iOS has with other parts. Since the rise of iMessage zero-clicks a few years ago, it’s become increasingly clear that comprehensively reducing the service’s vulnerabilities would take some epic rearchitecting–which seems unlikely at best.Absent a total overhaul, though, Apple still has options for dealing with sophisticated iMessage hacks. Researchers suggest that the company might offer special settings so that at-risk users can lock down their Messages app. This could include a setting that prompts the user before they accept messages from people not in their contact list.

Leave a Reply

Wow look at this!

This is an optional, highly
customizable off canvas area.

About Salient

The Castle
Unit 345
2500 Castle Dr
Manhattan, NY

T: +216 (0)40 3629 4753