Israeli mobile security start-up Skycure has exposed a vulnerability that could allow hackers to control and spy on iPhones. If this vulnerability is exploited, hackers would access a user’s private information, including passwords, while the spying process would remain completely unnoticeable, given an impression of a secure connection. This finding puts a dent into the secure image iOS devices have so far built.
Adi Sharabani, CEO and co-founder of Skycure, made a demonstration to The Epoch Times showing how sensitive information, including the victim’s exact location, could be retrieved, while also controlling the user’s iPhone. Other than an attack on privacy, this could lead to more dangerous consequences – as an example, it is quite easy to change a GPS destination while driving and send the smartphone owner to a location the attacker chooses.
The vulnerability is harbored by the iOS Profiles, configuration files that are installed on a phone with a simple click. Taking this approach does voids Apple screening and is not restricted by sandboxing, as demonstrated by Sharabani.
“This technology wasn’t being widely used during the first years since its creation, but during the last one or two years it has been used on an increasingly large scale,” said Sharabani.
Profiles can be emailed or downloaded from Web pages and after being installed, they can change a large number of iPhone settings. Thus, malicious profiles can be used to route Internet activity through special proxy servers where each move a user makes can be watched, while also getting all needed passwords. If the attacker shows the user the page they are looking for, the monitoring of their actions would go unnoticed.