Apple Responds Quickly To New Type Of iPhone Hack, But Security Cred May Still Take A Hit
Apple said it "immediately fixed" a new breed of security vulnerability in iOS after security researchers contacted the tech giant about the issue and Apple is now urging iPhone and iPad users to update their devices' iOS software to receive the security patch.
The cyberattack reportedly involved a text message with a link that was sent to an iPhone belonging to a human rights activist in the Middle East. If the user had clicked the link, the phone "would have become a digital spy in his pocket," according to Citizen Lab, the security research group that investigated the hack.
Douglas Grosfield, the founder and CEO of Five Nines IT Solutions, a Kitchener, Ont.-based strategic service provider, told CRN that "there's a perception that Apple [iOS] is more secure than Android"—though that may have never been true, and the perception may now be starting to erode.
"I don't think Apple devices are inherently any more or less secure than other vendors' devices," Grosfield said. "If you look at the Android world, and the percentage of the smartphone market that Android controls, it's obviously a much larger target from a sheer numbers perspective."
That may be why Android has been seen as less secure than iOS in the past. But Apple is becoming a "more desirable target" due to its proliferation of iPhones and iPads globally, Grosfield said
Apple said in a statement that, "We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5." Citizen Lab also confirmed that "Apple responded immediately" after the group informed Apple about the vulnerability.
Citizen Lab said that United Arab Emirates resident Ahmed Mansoor was the target of the cyberattack. If Mansoor had clicked on the link that was sent to him, the hackers would have become "capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," Citizen Lab wrote in its report.
"We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find," Citizen Lab wrote.
The disclosure of the vulnerability follows Apple's announcement earlier this month of a new plan to pay researchers that uncover security vulnerabilities in its products.