I want to bring you this week a document that many of you have rightly never looked at.
It has fewer pictures than a newsletter, subheadings like "libxml2" and is full of moderately electrifying sentences like "A logic problem has been fixed by improved status management".
But you don't have to read it in full, let alone understand it, to get to the heart of it: Apple fights the bad guys and sometimes loses.
The background: When Amnesty International published an IT forensic report on the use of the NSO surveillance software Pegasus on July 18, the introduction read: »The last time, in July 2021, was a successful zero-click attack against an iPhone with everyone Security updates and iOS 14.6 observed, which exploited several previously unknown vulnerabilities «.
This was translated further down in the report to be suitable for laypeople, with the assumption "that the customers of the NSO Group are currently able to compromise all modern iPhones and all versions of iOS."
And that from a distance and without the victims having to open or click anything.
Just zero-click.
Amnesty assured Apple had been informed.
The next day (ten days after the beta version) the company released an update for its iPhone operating system, version 14.7, including some security updates.
The details followed on July 21, headed "Information on the security content of iOS 14.7 and iPadOS 14.7".
That is the document I mentioned at the beginning.
The first thing that strikes you: The list of vulnerabilities fixed with iOS 14.7 is astonishingly long.
Also noteworthy is how many of the vulnerabilities allow "arbitrary code execution," as Apple puts it.
No less than 17, in words: seventeen security holes allow third parties to launch any malicious code on the victim's iPhone.
According to Apple, 17 times it is about "bad intentions".
I have to classify that first. In one case, the malicious attacker needs physical access to the iPhone. In another, the victim has to dial into a manipulated WLAN. And "execution of arbitrary code" sounds like "do what you want", but does not say anything about how far an attacker would get with it. Think of iOS like an obstacle course for hackers, with partitions that not everyone can negotiate.
It is also not clear whether the identified security gaps could lead to the clandestine infection with Pegasus, and if so, which of them. Apple hasn't clarified that yet. I asked Costin Raiu, Head of Research at Kaspersky Labs, for his assessment. He too remains cautious for the time being. In an e-mail he wrote to me that there was "currently no indication that iOS 14.7 fixes the vulnerabilities that were used to install Pegasus".
But some of the loopholes described are particularly interesting "because they have such a great potential for abuse."
There are three of them in the document if all you search for is "Processing a maliciously crafted image file may result in arbitrary code execution."
These are precisely the vulnerabilities "that could be used for zero-click attacks," says Raiu.
What he means: The hack of an iPhone consists in sending the victim a manipulated photo that they cannot see in the first place.
Malicious intent can be found in many file formats
Just take a look at what the document says can be created "in bad faith".
It says something about PDF files, audio files or the content of Internet pages.
And then there is also what such files can do.
Some can "bypass certain privacy settings", others can disclose user information or "may reveal memory contents".
The list goes on.
Anyone reading the document wonders a little whether something is actually still allowed to be clicked on the Internet.
The moral of the report: Apple may not even wrongly claim that security researchers “agree that iPhones are the most secure devices on the market”.
They are by no means unhackable.
The cryptography expert Matthew Green has already made some suggestions to Apple as to how iOS could be hardened further.
However, they mean that large parts of the code would have to be completely rewritten.
That could lead to malfunctions in everyday use and, above all, would cost a lot of money, writes Green.
But he hopes that Apple's security chief Ivan Krstić will "wake up tomorrow and tell his bosses that he wants to bankrupt the NSO Group, and that the bosses will then reply," Great, this is a blank check "".
External links: three tips from other media
»› Paula Tinder ‹has children now?« (3 reading minutes)
Jan Stremmel from the »Süddeutsche Zeitung« has a new morning ritual: He watches what »Jens Ebay Iron« and »Raffaella Airbnb Naples« are doing.
Because he has given WhatsApp access to his address book at one point or another, he can automatically see the WhatsApp stories posted by the people with whom he was in contact at some point.
"How TikTok's Algorithm Figures Out Your Deepest Desires" (video, English, 13 minutes)
How does TikTok's legendary recommendation algorithm, the heart of the app's success, work?
And where does it take users?
The Wall Street Journal has examined this and explains it clearly.
"This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered" (6 minutes to read)
Egregor was a
bustling
ransomware group until February 2021.
Security specialists from IBM have now evaluated chats between the criminals and their victims to illustrate the process of ransom negotiations.
For example, anyone who claimed they had too little money was asked to submit their tax documents as evidence.
I wish you a sunny week!
Patrick Beuth