The inviolability of the iOS security has always been one of the Apple’s strenghts.
But can we really talk about iOS security without leaks and weaknesses of the Apple devices, or is it just a legend?
Well, instead of legend, nowadays, we can define it as a nice memory, especially after the discovered vulnerabilities into the system and the Zer0Dium case.
Related to this, it appeared evident that the Apple devices are not as inviolable as we thought until recently.
What happened after the identification of leaks in the iOS system and the explosion of the Zer0Dium case, made us aware of a bitter truth: the iOS operative system is not invulnerable.
But, of what does it actually talk about? What did it happen?
Has it always been a non vulnerable operative system, the developers have lost control over the sourcecode or their legendary development qualities, or the hackers have put themselves into it, more than ever to sneak in?
Well, we can say that it has been an unfortunate combination of all these things.
Anyways, the best way to reduce to the minimum the exposition to the cyber risks is to set up and update correctly the operative system.
1st February 2019, the reaserchers from Google Project Zero reported to Apple the presence of a series of vulnerability chains: 7 for Safari, 5 for the kernel and 2 escape sandboxes.
As reported by the reaserchers, these leaks would permit to have full access to the device and the execution of an arbitrary code out of bounds of an app.
Therefore, speaking of the code developement, there were big errors, such as partial readings of buffers, or operations between variables and constants in the code.
These factors exposed iOS to the risk of hacking for at least two years!
Not bad for a security threat!
To create further confusion, it’s been the acquisition platform called zero-day Zer0Dium.
Zer0Dium is an american enterprise of cyber security, that deals with the acquisistion of zero-day premium vulnerability with functional exploits from researchers and security and research’s reporting enterprises, together with protection measurements and security recomendations, to their business and governmental customers.
3rd September 2019, Zer0Dium revised its price list for the different types of purchasable exploits for the hackers, which led to the overtaking of Android on Apple, for what concern the price paid for a Zero Click exploit.
Since that episode, the public opinion has considered the Apple’s solutions not as safe as in the past.
The founder of Zer0Dium stated that this situation is due to the zero-day market has been invaded by iOS exploits, especially of Safari and iMessage, because many security researchers have focused mainly on iOS, destroying its security.
In the area of safety, when we talk about iOS devices, we often hear about the Jailbreak.
It’s about a procedure with which you block the access to every file of the Apple’s operative system on iPhone, iPad and iPod.
Once you obtained the root permissions, the Jailbreak starts automatically the download of the app called Cydia, that works in a similar way to the App Store.
This, indeed, offers the distribution of apps and tweaks to instal, in order to expand the capacity of a device.
Currently, the reasons to do the Jailbreak are three:
- this incorporates Cydia, through which you can instal Tweak and Personalisations;
- the Tweaks are improvments applied directly to the operative system, modifying original Apple’s file; the best functions are entered by Apple itself in the next operative system;
- the Personalisations include: the themes, that transform the front-end and twist the graphics; the fonts; the graphic effects; the addition of functions into the apps of the App Store.
Basically, the Jailbreak is used to obtain better performances from your Apple device and to make the most of its operative system.
On the other hand, the Jailbreak makes your iOS less safe under certain aspects.
In the specific, to get the root permissions on the operative system makes you “admins”, and so, able to instal anything, including some malwares as well.
Under other aspects, instead, your iOS seem to be even more safe thanks to the Jailbreak.
That’s the case when there are vulnerabilities in the operative system: in this circumstance, you should wait for another Apple update to solve it, risking that some cyber criminal could exploit the moment to attack you.
To bypass that problem, though, through the use of Cydia, it is possible to instal security patches in a faster way, without having to wait the timing of Apple for the release of updates.
Just think about the case of iPhone’s versions, now obsolete: if they discover leaks in their operative systems, the solution to restore the security would be to use the Jailbreak.
If you want to do the Jailbreak, nevertheless, you need to know that it’s not always possible: Apple, in fact, releases all the time new updates for iOS, that block the Jailbreak.
Another clarification related to it, it’s about the possibility to remove the Jailbreak.
This, indeed, is not permanent and can be removed in any moment, simply having a recovery in DFU mode, so to delete every data and the storage space.
Afterwards, there will be no trace of the Jailbreak and device will be as good as new: for this reason, it won’t affect the validity of the warranty.
Another matter that is worth talking about, iOS security-related, is the possibility to do a backup of your data.
This is particularly useful in case of a hacker’s attack that deprives the access to your data: doing a backup will allow you to have them always intact and at your disposal.
It’s so easy to do so: it will be enough to instal iTunes on the PC, the multimedial Apple’s software, that will permit you to archive all the data on the memory space of your iPhone, in order to restore them later on.
Using iCloud, the cloud platform of Apple, it is possible to save a backup of your device also online, and to sync your file on various devices, such as iPhone, iPad, Mac and Windows PC.
In fact, a 100% safety doesn”t exist for any device, but taking the right tricks of course reduces the exposition to potential threats and the consequences in cases of attacks from cybercriminals!
After all, if in 2001 Kevin Mitnick stated: “the only safe computer is a shut down one”, even more so, this goes for every device nowadays, cellphones and tablet as well.