In Depth

How iPhone bug may allow hackers to access users’ data

Experts say cybercriminals could have been exploiting flaw in in-built email app since 2018

A security flaw in Apple’s mobile operating system allows hackers to install software on iPhones without getting the victim to download an attachment or click on any links, according to new research.

Cybersecurity experts say hackers may have been exploiting the as-yet unfixed bug in the iPhone’s Mail app since January 2018, The Times reports.

What are the hackers doing?

Typically, “an attack on a phone requires a user to download the malware”, usually by clicking on a link in a message or on an attachment sent by the hackers, explains The Times. 

“Yet in this case, hackers send a blank email to the user. When the email is opened, a bug is triggered that causes the Mail app to crash, forcing the user to reboot it,” says the newspaper.

During the reboot, hackers can reportedly access information on the device, and remotely modify or delete emails.

How was it discovered?

The bug was discovered by San Francisco-based cybersecurity firm ZecOps, after researchers found suspicious lines of code on iPhones belonging to a client, The Washington Post reports.

Zuk Avraham, the company’s chief executive, told the newspaper that following months of investigations, his team realised that the code was connected to a previously unknown flaw in Apple’s email app. 

ZecOps alerted Apple in March about the issue, he said.

Apple has since confirmed that a fix will be included in upcoming software updates, Reuters reports.

In a statement, the California-based tech giant said: “We have thoroughly investigated the researcher’s report, and based on the information provided, have concluded these issues do not pose an immediate risk to our users. 

“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

–––––––––––––––––––––––––––––––For a round-up of the most important stories from around the world - and a concise, refreshing and balanced take on the week’s news agenda - try The Week magazine. Start your trial subscription today –––––––––––––––––––––––––––––––

Could your iPhone have been hacked?

In a blog post explaining the research findings, ZecOps said that the firm’s experts had “high confidence” that the flaws may have been used in attacks conducted by “an advanced threat operator”. 

However, most users probably have nothing to worry about.

The company added that “it had found evidence that the bug was used to attack well-known targets including individuals from a Fortune 500 company in North America, an executive from a mobile carrier in Japan, employees of technology companies in Saudi Arabia and Israel, a European journalist and an individual in Germany”, the BBC reports. 

ZecOps did not disclose the identities of these alleged victims.

Recommended

Human rights, Russian troops and rude town names
A protester is confronted by police
Podcast

Human rights, Russian troops and rude town names

Quiz of The Week
Boris Johnson and David Cameron in 2015
Quizzes and puzzles

Quiz of The Week

What is Donald Trump doing now?
Donald Trump
In Depth

What is Donald Trump doing now?

Why Denmark is stripping Syrians of residency
Refugees arriving in Lesbos, Greece, in 2015
In Depth

Why Denmark is stripping Syrians of residency

Popular articles

15 most expensive English towns outside of London
Virginia Water, Surrey
In Depth

15 most expensive English towns outside of London

What is Donald Trump doing now?
Donald Trump
In Depth

What is Donald Trump doing now?

Covid holiday test costs
Heathrow Terminal 5 passenger
Getting to grips with . . .

Covid holiday test costs