If you start digging around the internet for tips on hacking an iPhone, a lot of what you read has something like this to say: “It is for the really advancedhackers/geeks/experts/techies” and so on. This is because it is not so simple to bust through the basic design behind the popular iPhones.
However, even with that in mind, iPhone hacking is possible. For example, during the annual Pwn2Own contest, a Dutch team was able to hack into an iPhone 4S to take the prize. How? According to the team they “exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.” (http://www.zdnet.com/article/mobile-pwn2own-iphone-4s-hacked-by-dutch-team/)
Of course, the word “simply” in that explanation is a bit incongruous because there is nothing “simple” about that iPhone hacking method at all. And this is good news for iPhone owners worried that there actually is a way for iPhone hacking to occur. However, before you open the device and begin happily using it for all kinds of activities, keep in mind, that the hack was done, the instructions are out there, and more and more hackers are interested in finding a way inside the popular line of phones.
There is also the problem of jailbreaking.
Jailbreaking and iPhone Hacking
Your iPhone is going to arrive with DRM or Digital Rights Management in place. This is software that limits the kinds of software you can run on your device, or it is in place strictly for security. The process now called jailbreaking is used to bypass the DRM and let you run unauthorized or unapproved apps or procedures on the device.
This is a serious form of iPhone hacking, giving owners access to areas and functions that Apple has never approved, and for various reasons. For instance, an app never shows up in the App Store until it has been approved. This eliminates the threats of hackers using an app to gain control of devices, harvest data, and create all kinds of problems.
For instance, as one expert says:
“Jailbreaking has some inherent risks. Root access is necessary for modding, but it can also open the floodgates for malicious attacks.”
And though you might believe that any iPhone hacking is self-limiting to your phone, think again.
Let’s say you are at home, using the home router when the iPhone hacking event occurs. Because that iPhone is using the network, it becomes what is known as an attack surface. Essentially, jailbreaking and installing apps unapproved by Apple can easily allow iPhone hacking to give criminals and undesirable users complete access to the home network. Certainly, firewalls on your PCs may eliminate the threats to those devices, but you may suddenly find your router and network the source of an unlimited number of harmful to illegal activities.
Of course, you don’t have to jailbreak to download an app that is a risk to you. For example, a developer can add your UDID to the development chain for an app, and this can open you to risks of many kinds. A developer with an enterprise development account may send you an app, and if you approve, you are also opening the door to problems.
These are examples of hacking using social engineering principles, meaning that hackers use manipulation in order to encourage you to create that vulnerability. As one site so aptly warns:
Security is all about knowing who and what to trust. Knowing when, and when not to, to take a person at their word; when to trust that the person you are communicating with is indeed the person you think you are communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value.
What this means when the topic is iPhone hacking is simple — only you can open that door by jailbreaking and/or using apps that are not cleared by Apple. Removing those security options from your device also creates that attack surface the moment you use the device on the home WiFi.
Stopping the Risks From iPhone Hacking
Sadly, hackers seem to be at work at all hours of the day or night, and it may not always be that iPhones are as resistant to the kind of hacking that plagues Android devices. However, we did learn that there are ways that the iPhone can and has been hacked, and remember that many celebrity phones have also been hacked by simple brute force password attacks.
In all instances, you need to find or create a Plan B approach that allows you to remain secure in the event that an iPhone does become an attack surface inside of your home. After all, according to the Guardian, around 55% of cyberattacks go unnoticed by most antivirus software, and with more than half of all devices vulnerable to threats, it is more than the iPhone to worry about.
This is why you need to do much more than install anti-malware or anti-virus software on computers, and why the firewall on the home router is rarely adequate to the work. In addition to updating the firmware on all of your connected devices (including things like “smart” thermostats, fitness watches, baby monitors and so on), installing firewalls and protective software on PCs and considering the security settings on the router itself, also consider a gateway device.
What is that? There are now products like CUJO that are electronic gateways that place themselves between your devices and the internet. Examining the data that goes into and out of the network, the device actively learns how your devices behave, and understands acceptable versus unacceptable patterns. Constantly analyzing data, it will always know when any device in your home has become an attack surface, and prevent this vulnerability from being used.
