In Depth

How iPhone bug may allow hackers to access users’ data

Experts say cybercriminals could have been exploiting flaw in in-built email app since 2018

A security flaw in Apple’s mobile operating system allows hackers to install software on iPhones without getting the victim to download an attachment or click on any links, according to new research.

Cybersecurity experts say hackers may have been exploiting the as-yet unfixed bug in the iPhone’s Mail app since January 2018, The Times reports.

What are the hackers doing?

Typically, “an attack on a phone requires a user to download the malware”, usually by clicking on a link in a message or on an attachment sent by the hackers, explains The Times. 

“Yet in this case, hackers send a blank email to the user. When the email is opened, a bug is triggered that causes the Mail app to crash, forcing the user to reboot it,” says the newspaper.

During the reboot, hackers can reportedly access information on the device, and remotely modify or delete emails.

How was it discovered?

The bug was discovered by San Francisco-based cybersecurity firm ZecOps, after researchers found suspicious lines of code on iPhones belonging to a client, The Washington Post reports.

Zuk Avraham, the company’s chief executive, told the newspaper that following months of investigations, his team realised that the code was connected to a previously unknown flaw in Apple’s email app. 

ZecOps alerted Apple in March about the issue, he said.

Apple has since confirmed that a fix will be included in upcoming software updates, Reuters reports.

In a statement, the California-based tech giant said: “We have thoroughly investigated the researcher’s report, and based on the information provided, have concluded these issues do not pose an immediate risk to our users. 

“The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

–––––––––––––––––––––––––––––––For a round-up of the most important stories from around the world - and a concise, refreshing and balanced take on the week’s news agenda - try The Week magazine. Start your trial subscription today –––––––––––––––––––––––––––––––

Could your iPhone have been hacked?

In a blog post explaining the research findings, ZecOps said that the firm’s experts had “high confidence” that the flaws may have been used in attacks conducted by “an advanced threat operator”. 

However, most users probably have nothing to worry about.

The company added that “it had found evidence that the bug was used to attack well-known targets including individuals from a Fortune 500 company in North America, an executive from a mobile carrier in Japan, employees of technology companies in Saudi Arabia and Israel, a European journalist and an individual in Germany”, the BBC reports. 

ZecOps did not disclose the identities of these alleged victims.

Recommended

Senior general accuses US of ‘abandoning Afghanistan’
General David Petraeus during a 2010 visit to Kandahar, Afghanistan
The latest on . . .

Senior general accuses US of ‘abandoning Afghanistan’

Tanker attack escalates undeclared ‘shadow war’ between Israel and Iran
Saeed Khatibzadeh
Getting to grips with . . .

Tanker attack escalates undeclared ‘shadow war’ between Israel and Iran

Belarusian sprinter seeking asylum after refusing to return to Minsk
Krystsina Tsimanouskaya (left) alongside Beth Dobbin of Team GB
In Depth

Belarusian sprinter seeking asylum after refusing to return to Minsk

‘Pay for your own heart op’
Today's newspaper front pages
Today’s newspapers

‘Pay for your own heart op’

Popular articles

Why your AstraZeneca vaccine may mean no European holidays
Boris Johnson receives his second dose of the Oxford-AstraZeneca vaccine
Getting to grips with . . .

Why your AstraZeneca vaccine may mean no European holidays

‘Wobbling’ Moon will cause worldwide flooding, Nasa warns
Flooding in Florida after Hurricane Irma hit in 2017
Why we’re talking about . . .

‘Wobbling’ Moon will cause worldwide flooding, Nasa warns

What next as homes raided in search for Hancock affair whistle-blower?
Matt Hancock leaving No. 10 with Gina Coladangelo in May 2020
The latest on . . .

What next as homes raided in search for Hancock affair whistle-blower?

The Week Footer Banner