Boy, it was a difficult week for Apple.
First, the company's FaceID technology was hacked, then it became known that secret software disables features and sends alerts when trying to replace the battery anywhere except in the Apple Store.
The latest issue uncovered at this year's Def Con 2019 hacker convention may be the worst of them all] A security company called Check Point has found a way to come up with an app that we use every day in almost to hack every iPhone and iPad. Big Yikes.
In general, they found that devices can be addressed through the contact app, which is integrated with every iOS device. Using the SQLite database (industry-standard software), hackers can exploit your Contacts app and steal private information such as passwords and user data.
"SQLite is the world's most widely used database engine," said Check Point. "It is available in every operating system, desktop and mobile phone. Windows 1
" In short, we can take control of anyone who queries our SQLite-driven database. "
But the only frightening thing about the fact that hackers can steal your data is the fact that all of this is due to a bug that Apple has known for four years but has not resolved.
Why was not the bug fixed?
now. Basically, Apple considered the error to be rather insignificant, since an unknown app was required to access the closed system database. However, the iOS system has no unknown apps, so it did not seem to be a threat at all.
However, Check Point researchers managed to get around this by creating an app that seemed safe and for another purpose that Apple trusted. From there they could infiltrate the system and gain access to the data.
"We found that simply querying a database may not be as secure as you expect," they said. "We've proven that memory corruption problems can now be reliably exploited in SQLite."
Thankfully, the company has communicated its research to Apple to fix the bug as quickly as possible. But it's pretty scary to think that an app preinstalled on any device can be the key to hackers' access to your data.
Hopefully this means that everything is fine and our information is not sold in the dark web, but I'm still shivering in my boots.
Brb joins an Amish community because all this technical stuff is damned scary.