This is a shocking Significance: The government of Bahrain is said to have purchased and deployed sophisticated malware targeting human rights activists, including spyware that can control their iPhones without the victim’s interaction (no need to click on a link or grant permission).But equally disturbing Report this week The Citizen Lab from the University of Toronto may be, and it is becoming more and more familiar.
These”Zero click“The attack may occur on any platform, but a series of high-profile hacking attacks show that the attackers have locked down the weaknesses of Apple’s iMessage service to perform these attacks. Security researchers say the company’s efforts to solve the problem have not worked. , And the company can take other measures to protect its most risky users.
No interaction attack Targeting the current version of iOS is still extremely rare and almost exclusively used to target a small number of high-profile targets around the world. In other words, ordinary iPhone users are unlikely to encounter them.But the events in Bahrain showed that Apple’s effort Resolving iMessage risks for its most vulnerable users has not yet been fully successful. The question now is how much the company is willing to reduce the burden on its messaging platform.
Patrick Wardle, who has long been engaged in macOS and iOS security research, said: “It’s frustrating to think that there is still this undeletable app on iOS that can accept data and messages from anyone. If someone has zero clicks iMessage vulnerability, they can send it from anywhere in the world and hit you anytime, anywhere.”
Apple is indeed pushing for a comprehensive solution to the zero-click problem of iMessage in iOS 14. The most prominent of these new features, BlastDoor, is a quarantine area for incoming iMessage communications, designed to clear the iOS environment of potentially malicious components before they are fully attacked. But non-interactive attacks continue to emerge.This week’s Citizen Lab’s survey results and Research Two studies published by Amnesty International in July clearly showed that zero-click attacks have the potential to defeat BlastDoor.
Apple has not released a fix for this specific vulnerability and corresponding attack that Amnesty International called “Megalodon” and Citizen Lab called “ForcedEntry”. An Apple spokesperson told Wired magazine that it intends to strengthen the security of iMessage outside of BlastDoor, and that the new defense measures will be introduced in iOS 15 to be launched next month. But it is not clear what these further protection measures will bring, and it seems that there is no defense against the hacking of BlastDoor that both Amnesty International and Citizen Lab have observed.
Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement: “An attack like the one described is very complex, costing millions of dollars in development, and usually has a short shelf life, and To target specific individuals.” “Although this means that they will not pose a threat to the vast majority of our users, we will continue to work tirelessly to protect all our customers.”
Security researchers said that the many functions and features of iMessage make it difficult to defend. its”Attack surface“It’s huge. Behind the scenes, a lot of code and tools are needed to make all these green and blue bubbles—as well as photos, videos, links, simulacrums, application integrations, etc.—run smoothly. The interconnection of another part of iOS has created new opportunities for attackers to find exploitable flaws. Since the emergence of iMessage zero-click a few years ago, it has become increasingly clear that the overall reduction of service vulnerabilities requires some epic renewal. Architecture-This seems unlikely.
However, if there is no thorough reform, Apple can still choose to deal with complex iMessage hacking attacks. The researchers suggest that the company can provide special settings, so at-risk users can choose to lock the messaging app on their devices. This may include options to completely block untrusted content such as images and links, and settings to prompt users before accepting messages from people who are not in their contacts.