Ground-breaking iPhone hack discovered

Last week, you may have seen a nasty new hack/exploit had been discovered that specifically targets iPhones.

What was particularly worrying about this one was that it would allow a hacker to remotely crack (Jailbreak) an iPhone operating system and install spyware that could then capture emails, copy contact lists, determine the user's location, see text messages and even turn the microphone on. 

This kind of spyware is not new and is already available. However to install it, the 'threat' would need to have their actual hands on the device to first 'jailbreak' the device before they can load it. 

For those of you who may be less ‘Techie’, I’ll explain why and what jailbreaking is.

The vast majority of mobile phones operate on iOS (Apple) and Android (Samsung, Motorola, etc.). There are other platforms like Blackberry but, for the sake of this article, I’ll keep to the ones most predominantly  used.

There are plenty of differences between Android phones and iPhones. One reason some prefer Android is the access it affords them to being able to download a wider range of apps, games and other software from many different sources and not from just one location (The App Store). This benefit can come with it’s own risks as you can't always vouch for the integrity of the download or the place you may be getting it from. Apple, on the other hand, keeps a very tight control of it’s environment and most especially any Apps you want to install on their devices. Very little can be downloaded from outside their own App Store. Having my own app, TacticsON, I know how stringently they check every new release we submit. For example, it can take up to 2 weeks for Apple to test and approve before it is uploaded and available on the App Store. Whereas with the GooglePlay store, you can upload and see it in the store in seconds. 

Jailbreaking is, fundamentally, 'unofficially' unlocking your iPhone’s operating system (including many of the security settings) so you can download software, apps, etc. outside of the App Store. 

However, if you jailbreak your phone you will remove the important measures of protection that keeps your content (emails, calls, SMS, contacts, location, etc.) safe. I strongly advise against jailbreaking as it not only leaves yourself extremely vulnerable and more exposed to malware, viruses, etc. but will also void the warranty on your device.

So why is this new threat so worrying? Well, as I’ve mentioned, to conventionally install spyware on a phone, the user/owner/someone else needs to have their hands on the device, know the phone's passcode, have a Wifi connection, to then jailbreak it to be able to install the spyware. This worrying new exploit means it could now all be done remotely and bypass this by simply sending an email or text with a link in the message (like a typical Spear Phishing attack) which if the user clicks on, enables the spyware to jailbreak the phone and also load all the scary stuff.

This new exploit has been - allegedly - developed by an Israeli Cyber company who specifically develop ‘tools’ for governments. So this was not some basic hacker.

Apple go to great lengths to protect their operating systems/devices and strongly defend against any attempts to exploit or hack them. Remember the FBI trying to gain access to an iPhone belonging to the San Bernardino terrorists? Apple wasn't going to give them any help which, as a result, meant the FBI had to outsource to external 'specialists' to help them crack it (which I believe cost them at least a million bucks).

So what can you do to protect yourself right now? 

Well, if you are an iPhone user and haven't already updated your software in the last few days, firstly back up your phone to iTunes or iCloud (to be on the safe side). Then go to ‘Settings’ on your phone, then ‘General’ and then ‘Software Update’ and you will see a latest fix ‘9.3.5’. If it hasn't already updated to this, follow the prompts and do so.

If you think you’ve been hacked already? I would generally recommend again backing-up your phone first and then doing a ‘full restore’. This will take the iPhone back to it's original factory settings and reinstall the most current and latest software. If it had been jailbroken and/or have any spyware on it, this will usually erase anything malicious and set your iPhone back to normal.