Skip to main content

1% of the Top Hackers Targeting to Burrow (Hack) into Apple's iPhone and iPad iOS.




You’ve heard of Apple’s famous walled garden, the tightly controlled tech ecosystem that gives the company unique control of features and security. All apps go through a strict Apple approval process, they are confined so sensitive information isn’t gathered on the phone, and developers are locked out of places they’d be able to get into in other systems. The barriers are so high now that it’s probably more accurate to think of it as a castle wall. 

Virtually every expert agrees that the locked-down nature of iOS has solved some fundamental security problems, and that with these restrictions in place, the iPhone succeeds spectacularly in keeping almost all the usual bad guys out. But when the most advanced hackers do succeed in breaking in, something strange happens: Apple’s extraordinary defenses end up protecting the attackers themselves.


Related Story.


Inside NSO, Israel's billion-dollar spyware giant.


The world’s most notorious surveillance company says it wants to clean up its act. Go on, we’re listening.

“It’s a double-edged sword,” says Bill Marczak, a senior researcher at the cybersecurity watchdog Citizen Lab. “You’re going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they’re inside, the impenetrable fortress of the iPhone protects them.”

Marczak has spent the last eight years hunting those top-tier hackers. His research includes the groundbreaking 2016 "Million Dollar Dissident“ report that introduced the world to the Israeli hacking company NSO Group. And in December, he was the lead author of a report titled "The Great iPwn“, detailing how the same hackers allegedly targeted dozens of Al Jazeera journalists.

He argues that while the iPhone’s security is getting tighter as Apple invests millions to raise the wall, the best hackers have their own millions to buy or develop zero-click exploits that let them take over iPhones invisibly. These allow attackers to burrow into the restricted parts of the phone without ever giving the target any indication of having been compromised. And once they’re that deep inside, the security becomes a barrier that keeps investigators from spotting or understanding nefarious behavior—to the point where Marczak suspects they’re missing all but a small fraction of attacks because they cannot see behind the curtain.

This means that even to know you’re under attack, you may have to rely on luck or vague suspicion rather than clear evidence. The Al Jazeera journalist Tamer Almisshal contacted Citizen Lab after he received death threats about his work in January 2020, but Marczak’s team initially found no direct evidence of hacking on his iPhone. They persevered by looking indirectly at the phone’s internet traffic to see who it was whispering to, until finally, in July last year, researchers saw the phone pinging servers belonging to NSO. It was strong evidence pointing toward a hack using the Israeli company’s software, but it didn’t expose the hack itself.

Sometimes the locked-down system can backfire even more directly. When Apple released a new version of iOS last summer in the middle of Marczak’s investigation, the phone’s new security features killed an unauthorized “jailbreak” tool Citizen Lab used to open up the iPhone. The update locked him out of the private areas of the phone, including a folder for new updates—which turned out to be exactly where hackers were hiding.

Faced with these blocks, “we just kind of threw our hands up,” says Marczak. “We can’t get anything from this—there’s just no way".


Beyond the phone.

Ryan Stortz is a security engineer at the firm Trail of Bits. He leads development of iVerify, a rare Apple-approved security app that does its best to peer inside iPhones while still playing by the rules set in Cupertino. iVerify looks for security anomalies on the iPhone, such as unexplained file modifications—the sort of indirect clues that can point to a deeper problem. Installing the app is a little like setting up trip wires in the castle that is the iPhone: if something doesn’t look the way you expect it to, you know a problem exists.

But like the systems used by Marczak and others, the app can’t directly observe unknown malware that breaks the rules, and it is blocked from reading through the iPhone’s memory in the same way that security apps on other devices do. The trip wire is useful, but it isn’t the same as a guard who can walk through every room to look for invaders.

“You’re going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they’re inside, the impenetrable fortress of the iPhone protects them.”

Bill Marczak, Citizen Lab

Despite these difficulties, Stortz says, modern computers are converging on the lockdown philosophy—and he thinks the trade-off is worth it. “As we lock these things down, you reduce the damage of malware and spying,” he says.

This approach is spreading far beyond the iPhone. In a recent briefing with journalists, an Apple spokesperson described how the company’s Mac computers are increasingly adopting the iPhone’s security philosophy: its newest laptops and desktops run on custom-built M1 chips that make them more powerful and secure, in part by increasingly locking down the computer in the same ways as mobile devices.

“iOS is incredibly secure. Apple saw the benefits and has been moving them over to the Mac for a long time, and the M1 chip is a huge step in that direction,” says security researcher Patrick Wardle.


Macs were moving in this direction for years before the new hardware, Wardle adds. For example, Apple doesn’t allow Mac security tools to analyze the memory of other processes—preventing apps from checking any room in the castle aside from their own.

These rules are meant to safeguard privacy and prevent malware from accessing memory to inject malicious code or steal passwords. But some hackers have responded by creating memory-only payloads—code that exists in a place where Apple doesn’t allow outside security tools to pry. It’s a game of hide and seek for those with the greatest skill and most resources.

“Security tools are completely blind, and adversaries know this,” Wardle says.

It’s just not Apple, says Aaron Cockerill, chief strategy officer at the mobile security firm Lookout: “Android is increasingly locked down. We expect both Macs and ultimately Windows will increasingly look like the opaque iPhone model.” 

“We endorse that from a security perspective,” he says, “but it comes with challenges of opacity.”

In fact, Google’s Chromebook—which limits the ability to do anything outside the web browser—might be the most locked-down device on the market today. Microsoft, meanwhile, is experimenting with Windows S, a locked-down flavor of its operating system that is built for speed, performance, and security. 

These companies are stepping back from open systems because it works, and security experts know it. Bob Lord, the chief security officer for the Democratic National Committee, famously recommends that everyone who works for him—and most other people, too—only use an iPad or a Chromebook for work, specifically because they’re so locked down. Most people don’t need vast access and freedom on their machine, so closing it off does nothing to harm ordinary users and everything to shut out hackers. 

But it does hurt researchers, investigators, and those who are working on defense. So is there a solution?

Making the trade-offs

In theory, Apple could choose to grant certain entitlements to known defenders with explicit permission from users, allowing a little more freedom to investigate. But that opens doors that can be exploited. And there is another consequence to consider: every government on earth wants Apple’s help to open up iPhones. If the company created special access, it’s easy to imagine the FBI knocking, a precarious position Apple has spent years trying to avoid.


Related Story


Google says, it's too easy for hackers to find new security flaws.

Attackers are exploiting the same types of software vulnerabilities over and over again, because companies often miss the forest for the trees.

“I would hope for a framework where either the owner of a device or someone they authorize can have greater forensic abilities to see if a device is compromised,” Marczak says. “But of course that’s tough, because when you enable users to consent to things, they can be maliciously socially engineered. It’s a hard problem. Maybe there are engineering answers to reduce social engineering but still allow researchers access to investigate device compromise.”

Apple and independent security experts are in agreement here: there is no neat fix. Apple strongly believes it is making the correct trade-offs, a spokesperson said recently in a phone interview. Cupertino argues that no one has convincingly demonstrated that loosening security enforcement or making exceptions will ultimately serve the greater good.

Consider how Apple responded to Marczak’s latest report. Citizen Lab found that hackers were targeting iMessage, but no one ever got their hands on the exploit itself. Apple’s answer was to completely re-architect iMessage with the app's biggest security update ever. They built the walls higher and stronger around iMessage so that exploiting it would be an even greater challenge.













































“I personally believe the world is marching toward this,” Stortz says. “We are going to a place where only outliers will have computers—people who need them, like developers. The general population will have mobile devices which are already in the walled-garden paradigm. That will expand. You’ll be an outlier if you’re not in the walled garden.”

Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...