How "unhackable" is your iPhone actually?

Feb 23, 2021, 11:26 PM

How "unhackable" is your iPhone actually?

How Safe Are We?

You may have heard at some point in your life that Apple's operating systems—namely iOS and macOS—are nearly untouchable when it comes to malicious malware. Of course, it has been rammed into all of our brains (and with good reason) that no software is truly unhackable: if it connects to the internet, it can be infiltrated. Yet the rigidity of Apple's closed system when it comes to its software has certainly stood the test of time for providing some of the most secure, consistent and stable mobile (and laptop) experience for its users.

Android users (myself included) often find themselves complaining about the lack of many liberating features such as direct music and video file transfers between iPhone and PC (Apple requires iTunes or other 3rd-party mediator apps for that), or having access to countless indie apps downloaded straight from the browser. Android allows all these freedoms and a great deal of core functionality customization with its open source software. Yet we often tend to ignore the fact that Apple's control freak-ness has actually kept its gadgets out of reach of most types of malware to which other OS users are easily susceptible.

The Silver Sparrow Virus

However, to say Apple OS's are untouchable would be far from the truth. Red Canary recently came out with a shocking report on a virus that has infected nearly 30,000 macOS-running systems. This came as a direct affront to Apple's purported world-class security systems in place on all of its devices, and nobody knows how it got in. What does the virus do, you may ask? Well, it simply exists... for now. But it has the potential to cause significant harm should it choose to do so—and it checks with the command server every hour for instructions. Apple is working to contain the threat, but if MacBooks can be bugged so easily, could your iPhone be next?

Bug Bounty

In 2019, Apple made the bold move to promise a million-dollar award to anyone who could hack their iPhone—but perhaps they needn't have gone that far. A similar stunt was pulled by bug bounty firm Zerodium in 2015. An unidentified team took on the challenge and promptly won the million by hacking iOS 9. They achieved this by carrying out a complete and remote browser-based jailbreak enabled on the inside by getting the user to open a bugged link or message—a vulnerability for which Apple was sure to pay more than the bounty sum. The bounty posted by Apple in 2019 hasn't been claimed yet, at least not to anyone's knowledge. But it's very possible that those who can are after bigger game.

Zero-Click Hacks Are a Real Thing

Only two months ago, a new Israeli spyware called "Kismet" was revealed, which was able to enter an iPhone through an existing weakness in the iMessage app. The message only had to be received on the target phone for the spyware to be able to take control, leaving no trace. It is not clear how much damage was done before Apple patched the vulnerability with iOS 14.

When Jeff Bezos' iPhone was hacked last year, it became clear that Apple's famed mind-bogglingly complex security systems could well be its downfall. Once an intelligent enough virus or malware finds its way in, it can be easy for it to remain there for a long time undetected, beneath the endless lines of code.

Apple Likes to Keep Mum

The fact that Apple deals with its security patches and strategies in a highly secretive manner, rarely disclosing details, adds more layers of uncertainty to the issue of iPhone software security. How safe are we actually? If some part of our phones were currently compromised, should we expect to be informed about it? Clearly information on exploitations or possible breaches of iOS privacy or security are million-dollar matters tossed between the top dogs.

By the way, it's good to know that Apple will never call or message you about a security breach. If you are contacted in any way by someone claiming to be from Apple, telling you you've been hacked, it's most likely a phishing scam—never click on the links or give any information.

Of course, it goes without saying that any jailbroken Apple device loses many of its security features and is automatically at greater risk for infection. Yet the majority of iPhone users will not find this relevant, having chosen to give Apple their money in exchange for its promise of simplicity, stability, consistency, and—perhaps most importantly—security. But one must always know that "what happens on your iPhone stays on your iPhone" may not always be the case. Although Apple certainly has one of the most high-end security systems, perfect safety is difficult to guarantee these days.

SUBSCRIBE TO OUR NEWSLETTER!