Apple iPhones Vulnerable To Contacts Hack, Shows New Research


Security firm Check Point has demonstrated a technique being used to manipulate Apple's iOS Contacts app. "Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite".

If you know how to hack a phone, or know someone who does (or are even committed to doing the research yourself and figuring it out), you may want to listen up: Apple is stepping up its cybersecurity game with a new "bug bounty" that will give hackers the opportunity to earn up to $1,000,000 if they can find security flaws.

"Wait, what? How come a four-year-old bug has never been fixed?" write Check Point's researchers in their report.

Worryingly, the researchers stated that once they replaced one of the more common databases with their own malicious version, they were able to gain code execution on an iOS device when it was rebooted. But SQLite is so versatile that the bug could be triggered in "many scenarios".

At the annual Black Hat security conference in Las Vegas last week on Thursday, Apple said it would open the process to all researchers, add Mac software and other targets to the research domain and offer a range of rewards, called "bounties", for the most significant findings. According to reports about the vulnerability, attacked devices are forced to run malware when users use the search feature in the Contacts app. And iOS is a closed ecosystem with no room for unknown apps.

Apple users have been warned that an iMessage security vulnerability has been discovered, which means that an attacker can read the files on a user's iPhone without needing physical access to the device.

As picked up by AppleInsider, security firm Check Point has revealed it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13. In the past, the tech giant limited its bug bounty program to only a handful of friendly hackers.

Apple started its bounty program three years ago and, until now, focused only on its mobile platform. In 2016 the company offered a bounty of $200,000 to hackers to find bugs in iOS that would allow access to the data on the devices.


