Amazing stuff. The Bahrain gov't bought a hack that allows them to send a text message to an iPhone owned by a journalist, anti-government protester, cheating mistress, whoever, and the phone is compromised. You don't have to click on a link, open a document, play a video. No interaction whatsoever. Receive the message, and your phone is rooted.
They probably paid a few million bucks for it, but they're the Bahrain government - what do they care for such a tool?
Apple has been fighting these zero-click attacks and instituted a good defense, but this latest one blasts right through it. The problem is that "we" (not me) want emojis, embedded videos, photos, etc. and that requires access deeper into the phone's infrastructure, and that all by definition makes things more vulnerable. If the app only allowed messages without any frills to be sent back and forth, and you had to use emails to attach the fun stuff, then the Messages app could be completely secure. But where would be the fun in that?!
So Apple gets to play an on-going game of whack-a-mole.
They're releasing a new version of iOS, 15, probably in October, which should increase security, but that security will certainly be broken at some point and the whack-a-mole will resume.
Myself, Apple occasionally ticks me off with changes to iOS. For example, I think it was when 11 was released, they broke their podcast player, and I foolishly updated my phone literally the day I was to drive to Phoenix, a nice long 500-mile drive. The break? Let's say you want to listen to four or five Wait Wait Don't Tell Me episodes. You play the oldest and the next one automatically starts. Except the program broke and it wouldn't start the next, so you're zipping down the interstate at 75 MPH and have to fumble with your phone to start it. How the hell did this not turn up in testing?
So on occasion I think about buying a flip phone that has a 4G hotspot, plus an iPod Touch to hold all my apps, music and podcasts, and data stores and go back to something resembling the late '90s.
https://www.wired.com/story/apple-imessage-zero-click-hacks/
no subject
Date: 2021-09-04 12:28 am (UTC)
This is why while we can have bad things, they come with caveats.