Apple iPhone Is At Risk Of Being Hacked Through Mail Apps

iphone

Apple has been around for ages and this brand has been trusted by many of its users, but a recent study shows that Apple’s mobile operating software had a flaw and could leave millions of iPhone users vulnerable to attackers. Hackers can gain access to iPhones or iPad through a sophisticated security flaw in Apple’s built-in email app.

Isn’t Apple supposed to be unhackable?

Long gone are the days when cybercriminals primarily focused their attacks on laptop and desktop computers, today cybercriminals are targeting smartphones, why? Well, we use them almost on everything including bank transactions and other sensitive data transfer that could interest cybercriminals. 

Although Apple’s iOS operating system has been considered more secure than Android’s, it is because Apple’s operating system is a closed system. Hacking iOS is difficult because Apple does not release its source code to app developers, and iPhone owners can’t modify the code on their phones themselves the same as Apple’s ultrabook laptops.

While iOS can be considered more secure than Android, as they say, it is not impossible for cybercriminals to hit iPhones or iPads. So Apple isn’t unhackable after all, contrary to what Apple claims.

What do the experts say?

According to Moseley (Raam) of cyberguards.com, there is even spyware campaign in Hong Kong that infects iPhone users trough iOS backdoor, with these security issues that rising in linked to Apple’s name, users are starting to question their security on Apple devices that supposed to be the gold standard in terms of security.

The built-in email flaw was discovered by cybersecurity firm ZecOps, according to ZecOps that the security vulnerability is quite sophisticated because users don’t need to open the email in order to get infected, the attackers send the email and install malicious software the moment the Apple’s email reader begins downloading the message, it doesn’t require an interaction from users end which makes it dangerous.

According to Wall Street Journal, the attack was very difficult to detect since the malicious code was masked in the email sent by the attackers and the email could be deleted by the attacker or the user itself, unknowingly. ZecOps even identified some targets of the attack, including employees at a Japanese telecommunications firm, a North American company, and tech companies in Saudi Arabia and Israel.

The ZecOps started the research when they found malicious lines of code on iPhones from a client, they analyzed the code for suspicious activities. The chief executive and co-founder of ZecOps stated that the code stood out because it wasn’t found on many other iPhones, the investigation took months and eventually discovered that it was connected to a previously unknown flaw in Apple’s email app.

Even the latest software update the iOS 13 that was released last September had a bug that would make it possible for attackers to access an iPhone’s contact list without needing the phone to be unlocked and some discovery about a flaw in an iPhone’s third-party keyboard that could unapproved access to your device.

What does Apple say about this?

Apple said in a statement that “We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded that these issues do not pose an immediate risk to our users. The researcher identified three issues in the mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers.”

“These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance” The company added.

Should you be worried? 

While this flaw raises questions about whether users should not use the built-in email app, it is not a solution because even if you delete the app, the default email application won’t change at all and you’ll be just prompted to re-download the app in order to open an email.

Well, if you don’t use your iPhone or iPad for data-sensitive transactions like bank transactions or the like, then attackers can only get nothing from you if ever they hacked you. But if you use your iPhone for that matter then you may be worried if the flaw is genuinely what it is.

In a technological world, no one is safe from cyber-attacks. With Apple’s experiencing security flaws, all we can do is be aware of what is happening for us to make some mitigation for ourselves in order not to fall victim to these attacks. Well, in any case, let us all hope that Apple could fix all of these issues and fortify their security for future attacks. It is better to be safe than sorry.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.