The Security Vulnerabilities of Apple

People are becoming increasingly concerned about their privacy rights when using communication platforms and are attracted to the promise of safeguards and offerings of end-to-end encryption. Billions of people use free apps for encrypted communications, including WhatsApp despite its many leaks.

Even Apple, which has a reputation of security, has been the victim of high-profile hacks. Apple’s defences were breached by the United Arab Emirates infamous hacking case in 2016 using a cyber super-weapon.

Project Raven was the name of the operation, which resulted in three former US intelligence and military personnel being charged with two counts each of conspiracy to commit device fraud and computer hacking and conspiracy to violate arms export control regulations.

The trio of hackers-for-hire were fined $1.68 million – the first resolution of its kind – for providing the Emirates government with the malicious software used in the exploits. The tool was a unique type of spyware that remotely targeted victims.

Zero-Click Exploits

Newly unsealed court documents charged former US intelligence officers Marc Baier, Ryan Adams and Daniel Gericke in the attack, which used a cyber tool known as Karma.

Typically, to use malware on a victims’ phone the user would need to click on a link before their device could be compromised. That wasn’t the case with this type of breach. In a zero-click attack, the victim isn’t aware they have been targeted. The hackers were able to get remote access to the iPhones of those under surveillance by simply uploading phone numbers or email addresses into the automated targeting system.

Veterans of cyber warfare say tools that can exploit hundreds of iPhones at once are being used by many nations including Russia, China, the US and its closest allies. Knowledge of security vulnerabilities for Apple devises can be valuable and the company knows it, which is why it has paid up to $1-million through the Security Bounty program to head off attacks.

Apple users are right to be worried they too could become victims of hackers.

Who Was Hacked?

Reuters reports those targeted under the direction of UAEs monarchy included the Emir of Qatar as well as a Nobel Peace laureate human-rights activist in Yemen and several people in the United States.

In 2016 and 2017, Karma allowed hackers to obtain photos, emails, text messages, and location information from the iPhones of its targets. It also let the hackers harvest saved passwords, which could then be used for other breaches.

The former US intelligence operatives said Karma relied, at least partially, on a flaw in Apple’s messaging system, iMessage. This flaw let the hackers implant malware on the phones even if they were not in use.

It is estimated thousands were monitored in Project Raven. If prominent citizens and heads of state can get hacked using a phone that is thought to be secure, no wonder the public feels unsafe?

Americans selling spy tools to foreign countries so they can spy on American citizens is scandalous, but is it different than the US spying on its own citizens, as the NSA has done for years?

Not an Isolated Incident

Anybody following similar scandals like Operation Dunhammer won’t be surprised that the privacy scandals of big and small countries are inextricably linked. In that case, the US got Denmark to spy on its own citizens, versus in this case, where they enabled another country to spy on Americans.

The number of countries with the capacity to hack on this scale isn’t very relevant when the ones that lack the tools can make deals with the ones that can. If a country or institution wants to spy on people but doesn’t have the technology, they can partner with those who do.

Without the world’s most secure custom mobile communications system anyone could fall prey to attacks in which personal information can be leaked to governments intent on using hackers to spy. Only the strongest encryption on the market can prevent hackers from obtaining your sensitive information.

The possibility is real for a major cyber-attack to be taking place now that we won’t hear about for years. Protect your communications today with advanced encryption on a platform that provides you with true security and ensures your privacy.