There are around 900 million active iPhone devices in the world and, according to a security firm, most of them might be susceptible to hacking. The worst part is, Apple has allegedly known about it for four years and has yet to fix the loophole. Here's what we know.
Check Point, a cybersecurity firm, pointed out a flaw in Apple's 'Contacts' app at the 2019 Def Con hacking conference. The Contacts app runs off the SQLite database engine, widely used by Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android, but Check Point demonstrated it could be easily manipulated for something malicious.
"In short, we can gain control over anyone who queries our SQLite-controlled database," Check Point told us in a media statement.
The cybersecurity firm detailed the security flaw in a 4000-word report, sighted by AppleInsider, explaining it was caused by an oversight.
"Up until now, querying a database was never considered dangerous," the statement said.
"We bypassed Apple's trusted secure boot mechanism and gained administrative permissions on the latest iPhone."
Broken down, Check Point said it was able to make a trusted Apple app send code to SQLite, the database engine the Contacts app runs on, to trigger this bug.
This loophole apparently affects a broad range of devices from iOS 8 up to betas of iOS 13.
There are around 1.4 billion active Apple devices around the world, according to figures given by Apple CEO Tim Cook earlier this year. While this figure includes laptops, televisions and watches, the majority of them, 900 million to be exact, are iPhones. (This doesn't mean one-sixth of the world has an Apple device, however; it's more likely consumers have multiple iPhones or iPads.)
How do I fix my phone's vulnerability?
There's not much you really can do. When an iPhone is rebooted, Apple runs Secure Boot, which forces all executable files (apps, for example) to be signed. This is usually where malicious code would fail, but Check Point's remained in place because SQLite is not signed. In other words, the ball's really in Apple's court.
The thing is, Check Point needed access to an unlocked phone in order to replace part of the Contacts app's code, so not leaving your phone unlocked and unsupervised is a good start to not being hacked.
Why hasn't Apple fixed this for four years?
It's a pretty obvious question. If Apple has known about the flaw for years, why haven't they just closed it off already? Essentially, Check Point said it's because it seemed to only be a flaw in the context of an open system, which iPhones are not.
"We established that simply querying a database may not be as safe as you expect," Check Point's document said.
"We proved that memory corruption issues in SQLite can now be reliably exploited."
Check Point said it has provided the information to Apple in order to fix up the bug.