Flaw in iPhone, iPad may have let hackers steal data for years

Report from The Globe and Mail:
Flaw in iPhone, iPads may have allowed hackers to steal data for years

Apple Inc. is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019. Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.

An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Mr. Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

Mr. Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple’s iOS mobile operating system as far back as January, 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.

To execute the hack, Mr. Avraham said, victims would be sent an apparently blank email message through the Mail app, forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.

ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.


Mr. Avraham, a former Israeli Defense Forces security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.

ZecOps found the Mail app hacking technique was used against a client last year. Mr. Avraham described the targeted client as a “Fortune 500 North American technology company,” but declined to name it. They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia and Israel.

Mr. Avraham based most of his conclusions on data from “crash reports,” which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.

Two independent security researchers who reviewed ZecOps’ discovery found the evidence credible, but said they had not yet fully recreated its findings.

Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.”

Because Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than US$1-million.

While Apple is largely viewed within the cybersecurity industry as having a high standard for digital security, any successful hacking technique against the iPhone could affect millions due to the device’s global popularity. In 2019, Apple said there were about 900 million iPhones in active use.

Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called the vulnerability discovery “scary.”

“A lot of times, you can take comfort from the fact that hacking is preventable,” Mr. Marczak said. “With this bug, it doesn’t matter if you’ve got a PhD in cybersecurity, this will eat your lunch.”

 
I don’t think hacking is ever preventable :giggle:
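Generally speaking, if we receive a strange email, we don't open it; we just delete it.
But according to this report, it seems the hacker sends a blank email, and because of a bug in the iPhone/iPad Mail app, this email can cause the iPhone or iPad to crash and reset automatically, which then opens the door for the hacker. That is the scariest part.
I have always stressed not using mobile banking apps or mobile payment apps, precisely for this reason. A phone's protections are generally not as strong as a computer's.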
 
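Generally speaking, if we receive a strange email, we don't open it; we just delete it.
But according to this report, it seems the hacker sends a blank email, and because of a bug in the iPhone/iPad Mail app, this email can cause the iPhone or iPad to crash and reset automatically, which then opens the door for the hacker. That is the scariest part.
I have always stressed not using mobile banking apps or mobile payment apps, precisely for this reason. A phone's protections are generally not as strong as a computer's.
I think none of them are safe, and apps are even less safe.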
 
