08/26/2021

The Stealthy iPhone Hacks That Apple Still Can't Stop

Security experts urge Apple to implement better security protocols

It's a shocking revelation: The Bahraini government allegedly purchased and deployed sophisticated malware against human rights activists, including spyware that required no interaction from the victim—no clicked links, no permissions granted—to take hold on their iPhones. But as disturbing as this week's report from the University of Toronto's Citizen Lab may be, it's also increasingly familiar.

These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple's iMessage service to execute them. Security researchers say the company's efforts to resolve the issue haven't been working—and that there are other steps the company could take to protect its most at-risk users.

Interactionless attacks against current versions of iOS are still extremely rare, and almost exclusively used against a small population of high-profile targets around the world. In other words, the average iPhone owner is very unlikely to encounter them. But the Bahrain incident shows that Apple's efforts to defuse iMessage risks for its most vulnerable users have not fully succeeded. The question now is how far the company is willing to go to make its messaging platform less of a liability.

Please select this link to read the complete article from WIRED.