Earlier this year many Apple users found their iPhones and iPads effectively being held for ransom. The ‘Oleg Pliss’ hack demanded money be transferred to a PayPal account by the affected user in exchange for the hackers unlocking their accounts. At the time Apple said very little on the subject as the access hackers had gained to the devices was credited to stolen data or poor passwords, which then allowed the hackers to get into the affect accounts and to freeze them until the ‘ransom’ was paid.
Recent research carried out by Jonathan Zdziarski – a data forensics expert – indicates that there is a backdoor into iOS device’ operating system that could leave many devices vulnerable to being hacked in this way. Some have suggested that up to 600 million devices could be affected by this vulnerability, which essentially allows a hacker to bypass the backup encryption on iOS devices and steal the user’s personal data. In a business context the cost of this kind of data loss could be enormous if it was then held for ransom by a group like Oleg Pliss.
Zdziarski’s research found that these devices – especially those running iOS 7 – had secret data discovery tools or ‘undocumented features’ and that these could bypass iOS backup encryption. This provides access to everything from address book information to passwords. The forensics expert also found a ‘packet sniffer’ on devices that, whilst it did have legitimate uses, could also be used to spy on a user, whether the entity doing the spying was a government intelligence agency or cybercriminals looking for information that could be used in the commission of a crime.
If you’re concerned about your own device and network security, ITC Secure Working is a digital security consultancy firm providing various solutions to security issues for business. Although anyone is vulnerable to a hacking – whether a business or on a personal level – there are precautions that can be taken to keep the worst threats at bay. Contact us for more information.