Apple iPhones Vulnerable To Contacts Hack, Shows New Research

Apple iPhones Vulnerable To Contacts Hack, Shows New Research

SUMMARY

Apple's phones prone to SQLite database vulnerability

Researchers proved that a modified contacts database file can crash iPhones or steal data

Apple has not acknowledged the issue which was revealed at Defcon 2019

Apple devices such as iPhones, MacBooks and iPads have been known to be some of the more resilient on the market when it comes to malware. As Apple has a lower market share on a global scale in computers and smartphones, it doesn’t become the target of mass attacks all that often. Even so, there is no platform in the world which is 100% secure and the latest research from Check Point software shows that contacts saved on iPhones are vulnerable to hacking attacks that could infect the iPhones with malware.

For those unaware, SQLite is the most widespread database engine in the world and is used for development across platforms no matter the OS, browser or the device. SQLite vulnerabilities are thus rather serious in nature. Check Point demonstrated the SQLite hack technique at cybersecurity conference Defcon 2019 and proved that it can be used to manipulate the iOS Contacts app on iPhones. According to reports about the vulnerability, the devices which have been attacked are forced to run malware when users use the search feature in the Contacts app.

The company’s demo hack also bypasses the native system checks that Apple has put in place when devices are booted up. It replaces one part of Apple’s Contacts app and since an SQLite database is not executable, but rather just a reference database, the malware can be executed when the database is queried. The hackers have also built-in persistence, which means that a restart won’t rid the iPhone of the malware and thus evades Apple’s Secure Boot feature. Surprisingly, Apple has not responded to this vulnerability officially.

“Given the fact that SQLite is practically built-in to almost any platform, we think that we’ve barely scratched the tip of the iceberg when it comes to its exploitation potential. We hope that the security community will take this innovative research and the tools released and push it even further,” the researchers said.

Apple Acts On Privacy Fears

Apple had announced earlier this month that it would be rolling out an update to mobile operating system iOS to restrict apps such as Facebook’s Messenger, WhatsApp and other communication apps from making voice calls over the internet in the background. Apps are able to run calls in the background when using an iPhone even when the app has not been opened. This means such messaging and calling apps can be used at a faster pace, but it also lets them collect data in the background, without the user being aware of such an activity, while a voice call is active and running

In May, WhatsApp fixed a massive data vulnerability that left its over 1.5 Bn users at risk from malicious spyware. The data vulnerability which could have led to breaches and unauthorised malware installation has seemingly been present on WhatsApp for a number of years. The company reported having 400 Mn users in India last month.

The voice call vulnerability allowed attackers to inject spyware on phones with WhatsApp by using the app’s voice call function. The attack allowed hackers to surreptitiously install apps in the background during a voice call. The spyware was developed by Israeli cyber surveillance company NSO Group. However, in a statement, NSO said its technology is licensed to authorised government agencies “for the sole purpose of fighting crime and terror”. The company added that it does not operate the system itself and also has a rigorous licensing and vetting process.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Apple iPhones Vulnerable To Contacts Hack, Shows New Research-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Apple iPhones Vulnerable To Contacts Hack, Shows New Research-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Apple iPhones Vulnerable To Contacts Hack, Shows New Research-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Apple iPhones Vulnerable To Contacts Hack, Shows New Research-Inc42 Media
Apple iPhones Vulnerable To Contacts Hack, Shows New Research-Inc42 Media
You’re in Good company