Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
IOS Security Apple

It's Almost Impossible To Tell If Your iPhone Has Been Hacked (vice.com) 124

An anonymous reader writes: A recent vulnerability in WhatsApp shows that there's little defenders can do to detect and analyze iPhone hacks. Some iOS security experts say this is yet another incident that shows iOS is so locked down it's hard -- if not impossible -- to figure out if your own iPhone has been hacked.

[...] "The simple reality is there are so many 0-day exploits for iOS," said Stefan Esser, a security researcher that specializes in iOS. "And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones." As of today, there is no specific tool that an iPhone user can download to analyze their phone and figure out if it has been compromised. In 2016, Apple took down an app made by Esser that was specifically designed to detect malicious jailbreaks.

This discussion has been archived. No new comments can be posted.

It's Almost Impossible To Tell If Your iPhone Has Been Hacked

Comments Filter:
  • by fahrbot-bot ( 874524 ) on Tuesday May 14, 2019 @06:44PM (#58593726)

    "The simple reality is there are so many 0-day exploits for iOS," ...

    ... it just works. :-)

    • by MrKaos ( 858439 )

      "The simple reality is there are so many 0-day exploits for iOS," ...

      ... it just works. :-)

      kill -9 stability, netBSD after all.

  • by Anonymous Coward on Tuesday May 14, 2019 @06:47PM (#58593750)

    That is what letting a third party have root over "your" device, while you don't, means.
    You *chose* this situation. There were other easy, cheaper and convenient options. Nobody to blame but you.

    Nonetheless, given that this is de-facto Apple's device, and you handed over control, it is their job to keep it safe and look for hacks. Not yours.
    If they do not care if the device is hacked, that is their choice.

    If you now suddently want control, I tell you how to gain the ability to check for yourself: Ditch the device and buy one where you can! Duh.

    I'm sorry to say all this, as I know it will hurt you. But I'm not the one doing the harm here. No disrespect; I just think you were stupid for buying this thing in the first place.
    Not that you are stupid now, for not wanting that state anymore. I'm with you on that.

    • Other devices are just the same.

      You have to root them to get "full control" with the risk that the rooting tool is malware or that rotting turns harmless apps that require root but did not have it yet turn into malware.

      In the end, it is not hard to figure if your iPhone is hacked, just check its network access log.

    • by astrofurter ( 5464356 ) on Wednesday May 15, 2019 @12:10AM (#58594508)

      "There were other easy, cheaper and convenient options."

      No, there are not. Android and iOS together account for 99.999% of all smartphones available on the market today. Both are factory-p0wned at the hardware level. And both of them lock you into a prison state application ecosystem.(Let's deprecate the misleading euphemism "walled garden".)

  • iPhone != WhatsApp (Score:4, Informative)

    by Anonymous Coward on Tuesday May 14, 2019 @06:51PM (#58593762)

    It's Almost Impossible To Tell If Your iPhone Has Been Hacked

    Just because one shitty app (WhatsApp) has buffer overflows that allow code execution in app context, doesn't mean iOS has been compromised.

    What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?

    BS article. It's not like we are dealing with remote jailbreak here.

    • What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?

      On Linux, there's Tripwire [opensource.com], among other things.

      • by Anonymous Coward

        What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?

        On Linux, there's Tripwire [opensource.com], among other things.

        But that doesn't tested in-process injection, just changes to images on disk. The WhatsApp vulnerability reads like the buffer overflow can leave additional code behind that becomes "part" of the running WhatsApp image, without changing the in-storage data. Is there a tool on any OS to detect that a particular process is running injected code?

      • by Anonymous Coward

        Tripwire does not do that. It tells you the on disk content has changed wrt matching a signature.

        Donâ(TM)t over-state the capability.

        This one is very like a byproduct of the fact that WhatsApp is a big blob of JavaScript interacting with a cross platform c library inside an App boundary.

        That pattern lends itself to this kind of exploit.

        Something built with a native toolchain (on Android or iOS) gets considerably better protections from the platform.

        • Something built with a native toolchain (on Android or iOS) gets considerably better protections from the platform.

          How would building with the native toolchain helped stop this bug here?

    • by Anonymous Coward

      DEP on Windows
      Stack canary, apparmor, selinux on linux, among others
      Apple doesn't give two shits about security and never did

  • It's a feature, not a bug.

    • I don't have a 'droid. It isn't 2006 anymore.

      Apple people are always so dated. I remember the Mac days of the early 90's when Mac advocates referred to anybody running a non-Apple computer as having an 'IBM' computer. It's almost the same as the way Amish people refer to all outsiders as 'English.'

  • by Alan Shutko ( 5101 ) on Tuesday May 14, 2019 @06:54PM (#58593776) Homepage

    I havenâ(TM)t read details about the WhatsApp hack but what I have read is that it only impacted that app, not other apps or system processes. So the sand boxing may have helped mitigate the damage.

    • by AHuxley ( 892839 )
      Re "mitigate"
      To a nations security service?
      To one police force?
  • It's Almost Impossible To Tell If Your iPhone Has Been Hacked

    Perhaps for you to tell but your friends might be able to tell quite easily and relay this fact back to you. The phishing emails sent from your phone to your mailing list being a giveaway.

    • Yea, that works as long as at least some of your friends are smart enough to not fall for the phishing emails.

  • It's closed (Score:4, Insightful)

    by MrKaos ( 858439 ) on Tuesday May 14, 2019 @07:19PM (#58593868) Journal

    It's about what you expect from anything proprietary, even if it's base is "open".

    • by Anonymous Coward

      Even with being open it still took 5 years to find the backspace grub bug https://www.theregister.co.uk/2015/12/17/press_backspace_28_times_to_own_any_grubby_linux_box/ and 20 years to find this linux bug https://bugzilla.kernel.org/show_bug.cgi?id=195869

      Being open doesn't mean much if you don't have the skill/time/eyes to look for things that shouldn't be there.

  • Sure would be nice if I could track what goes out.

  • by Anonymous Coward

    Between Intel ME, the garbage UEFI standard, IPMI, binary blob firmware on all your devices, operating systems that phone home to the mothership and receive orders at all times... on what machine is it *not* impossible to know if you've been hacked?

    I can trust the 8-bit CPU I built by hand from discrete TTL. Everything else, the reality is: you have no idea what that machine is doing really.

    • There are degrees of obscurity.

      An 8088 processor, or even a '286 comes from an era when they couldn't really use that many processor clock ticks for malevolent tasks. Even a Pentium 3 is from before the Management Engine.

  • by misnohmer ( 1636461 ) on Tuesday May 14, 2019 @07:39PM (#58593946)

    Even if you are hacked, Apple prefers you never find out about it. They'd rather you use a compromised phone than have a bad experience (finding out your phone has been hacked qualifies as bad experience). There are actual user experience studies out there that prove it too - customers are happier if they don't know when there is something wrong with the device or service they use. Hidden bonus for Apple is when the malicious software hinders your device to motivate you to buy a new iPhone.

    • If it wasn't so easy for them to build planned obsolescence in at the factory and maintain plausible deniability, I expect they would be actively developing and distributing (for example) battery-thrashing malware.
  • Weak article (Score:4, Informative)

    by dog77 ( 1005249 ) on Tuesday May 14, 2019 @07:58PM (#58594018)
    This article lacks facts to back up its claim that IOS is riddled with vulnerabilities. The Whatsapp vulnerability is the one example of a security flaw that the articles mentions and according to this New York Times source it occurs with both IOS and Android:

    https://www.nytimes.com/2019/0... [nytimes.com]
  • It's a shame other attempts to break into the market failed. Competition always produces better products.
    My personal favourite being Ubuntu touch, but also Sailfish I quite enjoyed. Despite not being my cup of tea, Windows Phone 7 & 8 were pretty solid too
    I was shocked Samsung didn't go further with Tizen but then I read (likely on /. ) that it's security was even worse than iOS or Android. Still, more competition would be nice.
  • Maybe they were holding it wrong.

  • Sure you can wireshark a local connection much easier than a cellular connection, but otherwise, if the device is pwned at a low enough level, there is about fuckall reason to expect obvious signs, if subterfuge was intended.

    Stuxnet shows the extreme conclusion of this...
    • Of course there won't be any obvious signs. The issue with Apple products is that you can't drill down into the firmware or bootloader to spot the non-obvious signs. On top of that, Apple refuses to provide any kind of useful scanner tool, and bars anyone else from providing one.

      The end-result is boatload of compromised phones in the wild, and no way for the individual to assess whether their phone is one of them. In Cook they trust, and he's told them their phone is fine, no need to investigate. See that
      • This is an example of an industry-wide problem that can *only* be fixed through regulation.

        How would regulations help? From the article:

        “The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher that specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”

        Would you force Apple to not sandbox apps so apps can inspect each other?(currently you can’t even tell what apps are installed without special privileges).

        You can inspect Apple’s bootloader’s assembly similarly to any other firmware. Apple does do a decent job of only allowing signed firmware/bootloaders from running... will signed firmwares become illegal?

  • by Anonymous Coward

    Long time Android user, it is a constant battle against malware and ads. Ads before every screen, gesture locking apps to keep malware from hitting the web, ick. Had a Galaxy S5, now deciding between S10+ or iPhone X Max. I have a Mac. I was planning on switching to iPhone though I hate locked downedness, because it is seen as so much higher security. Secondary would be integration with my Mac. I have no idea yet if I can even actually "use" it to perform tasks like I use a computer, beyond scheduling and

    • by Ormy ( 1430821 )
      I have an android phone (OnePlus 5) and I haven't seen an ad in months. 1.) Use a browser that blocks ads/javascript/3rd party cookies etc. I use Privacy Browser (FOSS, available on f-droid) but there's many others. 2.) Use a hosts file program (calm down apk, I'm not recommending your crappy software) to block ad requests from apps. I use Personal DNS filter, also FOSS and available on f-droid, again there are several alternatives. 3.) Use f-droid to find as many ad-free replacements for your current

We are each entitled to our own opinion, but no one is entitled to his own facts. -- Patrick Moynihan

Working...