Apple keeps a very tight lid on iPhone security, but that might actually benefit very sophisticated hackers, according to some security experts.
This is how Saudi Arabia was allegedly able to hack Jeff Bezos’s iPhone X.
iPhone locks out criminals
Apple puts a great deal of internal effort into securing the iPhone’s operating system. It also tremendously restricts the number of people outside the company given the tools to help debug iOS to prevent these tools from falling into the hands of malicious hackers. Security experts told the Washington Post that while this successfully keeps out typical iPhone crackers, it can’t stop the very best in the world.
Although it’s extremely hard to find security holes in iOS, spy agencies and some security companies have the necessary resources. “A lot of Apple security is amazing and really benefits the average user, but once you’re a target of an advanced adversary or three-letter agency, the advanced security of these devices can be used against you,” Patrick Wardle told the Washington Post. Wardle formerly worked at the US government’s National Security Agency.
Security experts point out that because Apple limits the number of people it has looking for security vulnerabilities, it’s less likely to find and close them.
There are some recent real-world examples of governments using their clout to hack Apple devices. An iPhone X used by Jeff Bezos, owner of the Washington Post and CEO of Amazon, was allegedly hacked by agents working for Mohammed bin Salman, the crown Prince of Saudi Arabia. A forensic analysis of the handset says the attack was likely done with NSO Group’s Pegasus, spyware that the US and UK also allegedly use.
And the FBI succeeded in cracking an iPhone used by Lev Parnas, an associate of President Trump’s personal lawyer Rudy Giuliani. It took 2 months, but it was possible.
Apple expanding efforts to find iPhone security bugs
Apple is aware of the problem and begun taking steps to remedy it. The company recently unveiled a program to give selected hackers access to iPhone dev devices, which will allow them to more thoroughly inspect the processor and memory of iPhones for vulnerabilities.
It also increased the amount it pays researchers for locating new security holes in iOS, and also macOS, tvOS, watchOS, and iCloud. The maximum payment in Apple’s bug bounty program is $1 million.