This is not your average celebrity; the iPhone has been around for a decade. Without a doubt, it has been the center of consumer obsession. Thanks to its magnetic power, it has caught the eyes of hackers of every ilk, from seedy government contractors to white hats hoping to help Apple fix its mistakes.
So, let’s celebrate the device’s tenth birthday with these 5 significant iPhone hacks.
What is XcodeGhost?
XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple’s official tool for developing iOS and OS X apps.
How does XcodeGhost put my iOS devices at risk?
iOS apps infected with XcodeGhost malware can and do collect information about devices, then encrypt that data and upload it over HTTP to command and control (C2) servers run by attackers. The system and app information that can be collected includes:
- Current time
- Current infected app’s name
- The app’s bundle identifier
- Current device’s name and type
- Current system’s language and country
- Current device’s UUID
- Network type
The one-text hack could allow an attacker to take over and fully control an iPhone remotely by simply clicking a link. It worked as soon as a multimedia message was received and would hand over authentication information to the hacker.
The iMessage “Effective Power” bug (or “Unicode of Death”) would cause any iPhone in lock mode to repeatedly crash. The message simply read: “effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗”.
Apple couldn’t issue a software fix right away, so it chose instead to offer a temporary fix before a full patch later in the summer. Given the number of users venting their annoyance across Reddit and Twitter, it may have been one of the most widely exploited iOS vulnerabilities ever.
Jailbreaking exploded in the early years of the iPhone. As hackers young and old broke down Apple’s security measures designed to keep devices under its control, a perpetual cat and mouse game emerged.
One of the more significant jailbreaks of those heady days was JailbreakMe, created by then-teenager and future Apple employee Nicholas Allegra, then known only by his handle Comex. The first came in 2007, followed by sequels in 2010 and 2011.
To many in the community, Apple has improved a great deal since then, but jailbreaks continue to rain down, as global research teams seek to peel away the added layers of security.
Apple’s iOS 9 had a security flaw, a new zero-day vulnerability called Trident, which could allow the iPhone to be jailbroken and then used to spy on the customer. But Apple, which is known to take device security very seriously, responded to the threat quickly and issued a new security update, 9.3.5, for iOS users. Trident allows hackers to take full control of iPhones with a single click. The Trident vulnerabilities were being exploited by a software package called “Pegasus”.