It's Almost Impossible To Tell If Your iPhone Has Been Hacked (vice.com) 124
An anonymous reader writes: A recent vulnerability in WhatsApp shows that there's little defenders can do to detect and analyze iPhone hacks. Some iOS security experts say this is yet another incident that shows iOS is so locked down it's hard -- if not impossible -- to figure out if your own iPhone has been hacked.
[...] "The simple reality is there are so many 0-day exploits for iOS," said Stefan Esser, a security researcher that specializes in iOS. "And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones." As of today, there is no specific tool that an iPhone user can download to analyze their phone and figure out if it has been compromised. In 2016, Apple took down an app made by Esser that was specifically designed to detect malicious jailbreaks.
I guess Apple was right ... (Score:4)
"The simple reality is there are so many 0-day exploits for iOS," ...
Re: (Score:2)
Well... I can go buy iphone 0-days off the dark web. I can't buy FTL drives... or can I !
Re: (Score:2)
Pfft... I can always create time dilation effects much more simply with good old LSD.
Re: (Score:2)
"The simple reality is there are so many 0-day exploits for iOS," ...
kill -9 stability, netBSD after all.
Because it is always "hacked". (Score:5, Interesting)
That is what letting a third party have root over "your" device, while you don't, means.
You *chose* this situation. There were other easy, cheaper and convenient options. Nobody to blame but you.
Nonetheless, given that this is de-facto Apple's device, and you handed over control, it is their job to keep it safe and look for hacks. Not yours.
If they do not care if the device is hacked, that is their choice.
If you now suddenly want control, I tell you how to gain the ability to check for yourself: Ditch the device and buy one where you can! Duh.
I'm sorry to say all this, as I know it will hurt you. But I'm not the one doing the harm here. No disrespect; I just think you were stupid for buying this thing in the first place.
Not that you are stupid now, for not wanting that state anymore. I'm with you on that.
Re:Because it is always "hacked". (Score:5, Interesting)
Other devices are just the same.
You have to root them to get "full control", with the risk that the rooting tool is malware or that rooting turns harmless apps that require root but did not have it yet into malware.
In the end, it is not hard to figure if your iPhone is hacked, just check its network access log.
Re: (Score:2)
My iPhone only sends stuff to Apple when I visit the iTunes store or the App store ... no idea where you get the idea from that it would send encrypted data to Apple.
Re: Because it is always "hacked". (Score:5, Interesting)
"There were other easy, cheaper and convenient options."
No, there are not. Android and iOS together account for 99.999% of all smartphones available on the market today. Both are factory-p0wned at the hardware level. And both of them lock you into a prison state application ecosystem. (Let's deprecate the misleading euphemism "walled garden".)
Re: Because it is always "hacked". (Score:4, Interesting)
Buy an older device and install Lineage OS. Something like an LG flagship from 5 years ago can be had on eBay in excellent condition for 50 bucks, and runs great with Lineage. You even get a headphone jack.
Re: (Score:2)
Re: (Score:2)
That would be a fair argument against Clinton but those numbers count the general so are meaningless in relation to Sanders. A lot of people voted for some nutjob third party or None of the above rather than support the impression either of those candidates has the broad support of the democracy.
Now we see if they sandbag Sanders in another back alley plot and then complain when outraged people vote against corruption again.
Re: (Score:2)
Voted Trump then, right? He raised the most small-donor money. Clinton was owned by large donors.
Trump was the greater of evils in that election, but I live in California and it was going to select Clinton regardless, so I voted for Stein as the sole candidate who cared sufficiently about AGW, even though she pandered to anti-vaxxers.
Re: (Score:1)
"I'll go down this Offtopic rabbit hole with ya."
Yeah, I made a token effort to tie it in but I knew what I did.
"That's why it's so important to support those candidates who refuse to take money from big corporate donors."
I agree. Of course the current game on the D side is to clone everything Sanders did the last time whilst also spinning him as being too old. If he isn't establishment and doesn't fit with a snide "they act like experience is a crime" narrative then get him for having too much experience!
Re: (Score:2)
Of course the current game on the D side is to clone everything Sanders did the last time whilst also spinning him as being too old.
If they clone enough of what he did, then they will become him. I doubt they can clone enough of what he did into one of their chosen candidates to actually get them elected, though.
If they woulda just run Sanders last time, he would have won. I wonder how many Trumps we have to have before they learn, and whether what little democracy we have will survive them.
Re: (Score:2)
"If they clone enough of what he did, then they will become him."
They'll sound like him. Saying the same things doesn't mean the same follow through and really that is what Sanders has that nobody on the field has and can't generate. He has decades of actual follow through and staying on point even in the face of strong opposition and ridicule.
"I doubt they can clone enough of what he did into one of their chosen candidates to actually get them elected, though."
No, but they don't need to, they just
iPhone != WhatsApp (Score:4, Informative)
It's Almost Impossible To Tell If Your iPhone Has Been Hacked
Just because one shitty app (WhatsApp) has buffer overflows that allow code execution in app context, doesn't mean iOS has been compromised.
What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?
BS article. It's not like we are dealing with remote jailbreak here.
Re: (Score:3)
What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?
On Linux, there's Tripwire [opensource.com], among other things.
Re: (Score:1)
What are some of the tools on other OSes that make it possible to tell if particular process is running injected code?
On Linux, there's Tripwire [opensource.com], among other things.
But that doesn't test in-process injection, just changes to images on disk. The WhatsApp vulnerability reads like the buffer overflow can leave additional code behind that becomes "part" of the running WhatsApp image, without changing the in-storage data. Is there a tool on any OS to detect that a particular process is running injected code?
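The gap discussed in this exchange, between checking images on disk and inspecting a running process, can be illustrated on Linux, where a process's memory map is readable through `/proc/<pid>/maps`. This is an added example, not part of the original thread or of any tool named in it: a heuristic that flags executable memory a file-integrity checker never looks at. The sample map and the `chatapp` and `libhelper.so` names are constructed.

```python
import re
from typing import NamedTuple

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 1311234 /usr/bin/chatapp
55d0c8c20000-55d0c8c22000 rw-p 00020000 08:01 1311234 /usr/bin/chatapp
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c400000-7f3a2c5b0000 r-xp 00000000 08:01 1445566 /usr/lib/libc.so.6
7f3a2d000000-7f3a2d004000 r-xp 00000000 00:00 0
7f3a2e000000-7f3a2e010000 r-xp 00000000 08:01 1499001 /tmp/.cache/libhelper.so (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
7ffd5a3f1000-7ffd5a3f3000 r-xp 00000000 00:00 0 [vdso]
"""

# Fields: start-end perms offset dev inode [pathname]
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) ([0-9a-f]+) "
                  r"(\S+) (\d+)\s*(.*)$")
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}  # executable, but mapped by the kernel

class Finding(NamedTuple):
    start: int
    size: int
    perms: str
    reason: str

def scan_maps(text):
    """Return executable regions that on-disk hashing cannot vouch for."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not map entries
        start, end = int(m[1], 16), int(m[2], 16)
        perms, inode, path = m[3], int(m[6]), m[7]
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        if "w" in perms:
            reason = "writable and executable"
        elif inode == 0 and not path:
            reason = "executable with no backing file"
        elif path.endswith(" (deleted)"):
            reason = "executable image deleted from disk"
        else:
            continue  # file-backed, read-only code: disk hashing covers it
        findings.append(Finding(start, end - start, perms, reason))
    return findings

def scan_pid(pid):
    """Scan a live process; needs permission to read /proc/<pid>/maps."""
    with open(f"/proc/{pid}/maps") as fh:
        return scan_maps(fh.read())

if __name__ == "__main__":
    for f in scan_maps(SAMPLE_MAPS):
        print(f"{f.start:#x} size={f.size:#x} {f.perms} {f.reason}")
```

JIT runtimes legitimately create anonymous executable mappings, so a finding is a lead for further inspection rather than proof of injection.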
Re: iPhone != WhatsApp (Score:1)
Tripwire does not do that. It tells you the on disk content has changed wrt matching a signature.
Don't over-state the capability.
This one is very likely a byproduct of the fact that WhatsApp is a big blob of JavaScript interacting with a cross platform c library inside an App boundary.
That pattern lends itself to this kind of exploit.
Something built with a native toolchain (on Android or iOS) gets considerably better protections from the platform.
Re: (Score:2)
Something built with a native toolchain (on Android or iOS) gets considerably better protections from the platform.
How would building with the native toolchain have helped stop this bug here?
Re: (Score:2)
Whataboutism is invariably used to shield hypocrisy and double standards.
Re: (Score:1)
DEP on Windows
Stack canary, apparmor, selinux on linux, among others
Apple doesn't give two shits about security and never did
But your Droid is hacked (Score:2, Funny)
It's a feature, not a bug.
Re: (Score:1)
I don't have a 'droid. It isn't 2006 anymore.
Apple people are always so dated. I remember the Mac days of the early 90's when Mac advocates referred to anybody running a non-Apple computer as having an 'IBM' computer. It's almost the same as the way Amish people refer to all outsiders as 'English.'
Did iOS limit the scope? (Score:3)
I haven't read details about the WhatsApp hack but what I have read is that it only impacted that app, not other apps or system processes. So the sandboxing may have helped mitigate the damage.
Re:Did iOS limit the scope? (Score:5, Informative)
Hacking whatsapp gets you access to these:
Background App Refresh
Calendars
Camera
Contacts
Location (while using)
Microphone
Mobile Data
Notifications
Photos (read and write)
Siri suggestions
So, sandbox or not, you will have arbitrary code running with these permissions.
Re: (Score:2)
Only if the user is stupid enough to grant all of them to Whatsapp.
Considering which company owned Whatsapp, you would be a fool to grant it access to your Calendars, Camera, Location and Microphone. No, I won't take Whatsapp calls, my phone works perfectly fine for phone calls, which you already have my number.
Photos, you can grant only when you send or save pictures.
Contacts was granted reluctantly due to the recent sh*t move for Whatsapp to show only phone numbers in your chat log if you denied it acces
Android does the same. (Score:1)
As does any OS with a form of RBAC (role-based access control). Which is built into Linux, but usually disabled because it is a major hassle to make compatible with actually doing shit on the system. (Like updating or setting up a service.) And because software you can put possibly hackable software into an isolation container, and software usually comes from the package management system and is expected to be verified. (Although I think OpenSSL clearly showed it isn't.)
Re: (Score:1)
To a nation's security service?
To one police force?
Perhaps for you but not necessarily friends (Score:2)
It's Almost Impossible To Tell If Your iPhone Has Been Hacked
Perhaps for you to tell but your friends might be able to tell quite easily and relay this fact back to you. The phishing emails sent from your phone to your mailing list being a giveaway.
Re: (Score:1)
Yea, that works as long as at least some of your friends are smart enough to not fall for the phishing emails.
It's closed (Score:4, Insightful)
It's about what you expect from anything proprietary, even if its base is "open".
See: stage0 and mes (Score:2)
if you're not writing your own compiler from scratch in machine code you're someone else's BITCH.
Fortunately, some people have decided they don't want to be Rick James' bitch anymore. So they're writing a hex monitor from scratch, then assemblers of increasing sophistication on top of that monitor, leading up to a C compiler written in assembly language. See stage0 by Jeremiah Orians [miraheze.org] and mes by janneke [miraheze.org].
Re: (Score:3)
I think this is good, but in all seriousness, how do we know they haven't been compromised, either knowingly or unknowingly?
To be clear, I'm not saying they are, I'm just saying that these days it's damn near impossible to trust anything unless you literally create the entire toolchain yourself in a secure environment, including the chip fabrication.
Even Intel admits that the chance of a malicious actor inserting something naughty in their chip masks is likely beyond their ability to detect. I can't find th
Re: (Score:2)
There are ways to know all of these things though -- traffic can be intercepted. If your device is sending traffic to unknown endpoints, for unknown reasons, it warrants further investigation. Now maybe that won't detect a hack that doesn't transmit information, but the usefulness and/or risk of a hack like that is very low indeed, in most scenarios -- nuclear fuel enrichment centrifuge firmware notwithstanding.
Re: (Score:2)
There are ways to know all of these things though -- traffic can be intercepted.
I can think of one or two ways to get info out that would be difficult to detect, even with traffic monitoring, but they're probably not super-practical.
The hack could wait until you sent an email or uploaded an image. Steganography could be used for an image and the image (assuming it's accessible on the web) could then be grabbed and decoded. For an email it might BCC a copy with embedded info, and I'd guess that few people check the outgoing list of recipients for email they send.
Again, these aren't terr
Re: (Score:2)
these days it's damn near impossible to trust anything unless you literally create the entire toolchain yourself in a secure environment, including the chip fabrication.
Kevin Horton wire wrapped his own computer out of NAND gates a few years ago. See NANDputer [hackaday.com]. Keeping a few of those around as museum pieces, used only occasionally to verify the first stages of the bootstrap, would limit the scope of what a malicious actor could do.
Re: (Score:1)
Even with being open it still took 5 years to find the backspace grub bug https://www.theregister.co.uk/2015/12/17/press_backspace_28_times_to_own_any_grubby_linux_box/ and 20 years to find this linux bug https://bugzilla.kernel.org/show_bug.cgi?id=195869
Being open doesn't mean much if you don't have the skill/time/eyes to look for things that shouldn't be there.
Re: (Score:2)
Yeah, because nobody running the "open" Android ever gets hacked. Ever.
Is that what I said or what you said?
Moron.
back at ya
Little Snitch for iPhone? (Score:2)
Sure would be nice if I could track what goes out.
As opposed to what? (Score:1)
Between Intel ME, the garbage UEFI standard, IPMI, binary blob firmware on all your devices, operating systems that phone home to the mothership and receive orders at all times... on what machine is it *not* impossible to know if you've been hacked?
I can trust the 8-bit CPU I built by hand from discrete TTL. Everything else, the reality is: you have no idea what that machine is doing really.
Re: (Score:1)
There are degrees of obscurity.
An 8088 processor, or even a '286 comes from an era when they couldn't really use that many processor clock ticks for malevolent tasks. Even a Pentium 3 is from before the Management Engine.
Ignorance is bliss (Score:3)
Even if you are hacked, Apple prefers you never find out about it. They'd rather you use a compromised phone than have a bad experience (finding out your phone has been hacked qualifies as bad experience). There are actual user experience studies out there that prove it too - customers are happier if they don't know when there is something wrong with the device or service they use. Hidden bonus for Apple is when the malicious software hinders your device to motivate you to buy a new iPhone.
Re: (Score:2)
Weak article (Score:4, Informative)
https://www.nytimes.com/2019/0... [nytimes.com]
Re: (Score:2)
Those weren't leaked from iPhones. Those were leaked from badly secured cloud accounts. Gee, bad passwords never led to breaches elsewhere.
Re: (Score:2)
As opposed to all those other devices where they pop up a happy warning? You know those popups as you surf the web are lying cons, right?
Re: (Score:3)
Android is no better (Score:2)
My personal favourite being Ubuntu touch, but also Sailfish I quite enjoyed. Despite not being my cup of tea, Windows Phone 7 & 8 were pretty solid too
I was shocked Samsung didn't go further with Tizen but then I read (likely on
Maybe.......... (Score:2)
Maybe they were holding it wrong.
Couldn't this be said about nearly anything? (Score:2)
Stuxnet shows the extreme conclusion of this...
Re: (Score:2)
The end-result is boatload of compromised phones in the wild, and no way for the individual to assess whether their phone is one of them. In Cook they trust, and he's told them their phone is fine, no need to investigate. See that
Re: (Score:1)
This is an example of an industry-wide problem that can *only* be fixed through regulation.
How would regulations help? From the article:
“The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher that specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
Would you force Apple to not sandbox apps so apps can inspect each other? (Currently you can’t even tell what apps are installed without special privileges.)
You can inspect Apple’s bootloader’s assembly similarly to any other firmware. Apple does do a decent job of only allowing signed firmware/bootloaders from running... will signed firmwares become illegal?
Security is why considering move to iPhone (Score:2, Informative)
Long time Android user, it is a constant battle against malware and ads. Ads before every screen, gesture locking apps to keep malware from hitting the web, ick. Had a Galaxy S5, now deciding between S10+ or iPhone X Max. I have a Mac. I was planning on switching to iPhone though I hate locked downedness, because it is seen as so much higher security. Secondary would be integration with my Mac. I have no idea yet if I can even actually "use" it to perform tasks like I use a computer, beyond scheduling and
Re: (Score:2)