Thursday, March 17, 2016

iOS devices can be hacked.... without any interaction

This news just came to my attention:

http://thehackernews.com/2016/03/how-to-hack-iphone.html

If I understood it well, there is first a "man in the middle" attack: the hacker gets an auth code, which can then be used to send software to iOS devices.

Now, it matters really little how this specific attack was done. If your OS allows remote installation of software, as Apple and Google offer, then for sure you can hack it in some way to send your own stuff.

Sure, it may be more complex, it may require loads of work, and maybe it doesn't even really make sense to do, but what's clear is that it is doable.

When I was working for one of the major banks, there was one rule to follow: NEVER ever attach the internal network to the internet. The bank network was completely cut off from the internet, and if you wanted or needed internet access, then that particular PC would have just that but no company network connection. The goal being: if there is no link, you can't attack. Or at least, you can't attack from outside without having somebody inside doing something.

Same on phones or anything connected: if you are connected, you could potentially be hacked. Don't trust ANYONE who tells you that this or that device is safe; that's pure lies. It is safe until somebody discovers a way to hack it. Old phones which didn't allow any 3rd party software to run, and didn't have any real connection besides SMS / voice calls, could still suffer from some odd SMS or network attacks, even if it maybe wasn't possible to do much as no 3rd party software would ever run. I still believe you could actually hack some of the features even there, but as the hardware was limited and the software was near non-existent, so were the attack vectors.

Think about the following: you could own an old computer at home which you don't connect to anything else. Now how could an attacker attack it? From outside your home? Impossible, so only if they reach the computer could they load some malware, virus or other software on it. This would really limit the spread of any attack.

Of course we DO WANT to be connected, we DO WANT to have more and more software running on our gadgets, and yet we expect to be safe? No way. The more lines of code, the more bugs, and the more bugs, the bigger the chance that we get hacked or get malware on our beloved gadget.

At the end of the day, if you don't have data connections, you don't have Bluetooth, and you use your phone only to take pictures and call people (with some SMS maybe), I can tell you that it will be much safer than even the latest release of any other gadget. Yet don't be fooled: even SMS can be a vector of attack, as this article points out:

http://www.pcworld.com/article/246528/remote_sms_attack_can_force_mobile_phones_to_send_premiumrate_text_messages.html

(If you search for SMS attacks you will find loads of info)

To come back to the first article, where iOS devices can be hacked: well, what upsets me is that a company (in this case Apple) sells its devices as really secure, and others talk about how secure iOS is compared to Android:

https://www.sophos.com/en-us/security-news-trends/security-trends/malware-goes-mobile/why-ios-is-safer-than-android.aspx

That is all smoke! Any OS (and really any OS!) can be hacked. It is just a matter of the money you put into trying to hack it. Don't try to tell me that this one is safer; I will not believe it. And safety by obfuscation (as Apple has played all the time) is one of the worst ways to make your product safe.
