Boy, it’s been a tough week for Apple.
First, the company’s FaceID technology was hacked, then they got in deep shit when it was revealed that secret software will disable features and send warnings if you try to replace the battery anywhere but the Apple store.
But the latest issue that was uncovered at this year’s Def Con 2019 hackers convention is potentially the worst of all.
A security firm called Check Point have found a way to hack into pretty every iPhone and iPad in existence through an app that we all use every day. Big yikes.
Basically, they discovered that devices can be targeted through the contacts app that is built into ever IOS device. Using the SQLite database (which is an industry-standard software), hackers can exploit your contacts app and steal private information like passwords and user data.
“SQLite is the most wide-spread database engine in the world,” Check Point said. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”
“In short, we can gain control over anyone who queries our SQLite-controlled database.”
But the only thing MORE terrifying than the fact that hackers can steal your data is the fact that it’s all because of a bug that Apple has known about for four years but haven’t fixed.
So why hasn’t it been fixed, you ask?
Well. Basically Apple considered the bug to be pretty insignificant because they thought it required an unknown app to access the closed system data base. But the iOS system doesn’t have any unknown apps, so it didn’t seem like much of a threat at all.
But the Check Point researchers managed to bypass this by creating an app that appeared to be safe and for another purpose that was trusted by Apple. From there, they were able to infiltrate the system and gain access to the data.
“We established that simply querying a database may not be as safe as you expect,” they said. “We proved that memory corruption issues in SQLite can now be reliably exploited.”
Thankfully, the company have disclosed their research to Apple to hopefully get the bug fixed as soon as possible. But it’s pretty terrifying to think that an app that comes pre-installed on every device could be the key to having your data accessed by hackers.
Hopefully that means that it’ll all be fine and our information won’t be sold on the dark web, but I’m still shakin’ in my boots.
Brb joining an amish community because all of this tech stuff is fucking terrifying.