The previously unknown vulnerability in the popular messaging app WhatsApp has highlighted a huge flaw in iPhones.
According to Vice, the issue is that iOS is so locked down that it is impossible for anyone to find out if their iPhone has been hacked.
“The simple reality is there are so many 0-day exploits for iOS”, Stefan Esser, a security researcher who specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
There is no specific tool that an iPhone user can download to analyse their phone and figure out if it has been compromised. In fact, Apple insists that it will sue anyone who tries to write such code. In 2016, Apple took down an app made by Esser that was specifically designed to detect malicious jailbreaks.
Claudio Guarnieri, a technologist at Amnesty International who found that a colleague of his was targeted by NSO spyware last year, said that the “irony” is that there are better tools for attackers who want to do forensics on iOS, such as Cellebrite and GrayShift, than for defenders who want to help victims.
“These security controls have made mobile devices extremely difficult to inspect, especially remotely, and particularly for those of us working in human rights organizations lacking access to adequate forensics technology. Because of this, we are rarely able to confirm infections of those who we even already suspect being targeted”, Guarnieri wrote in a mailing list message. “Quite frankly, we are on the losing side of a disheartening asymmetry of capabilities that favors attackers over us, defenders.”
Jonathan Levin, a researcher who has written books about iOS and macOS internals and security and provides training on iPhone security, said that in his opinion, so few iOS zero-days have been caught because they are worth a lot of money, and thus more likely to be used in targeted attacks.
“To exacerbate the situation, payloads are often tested and perfected for weeks or more before deployment, thus ensuring a high chance of exploitation, and, inversely, a low chance of detection—especially in the case of ‘0 click’ attacks requiring no user interaction”, Levin said.
But unless Apple makes fundamental changes in how iOS is architected, “there is no practical way to tell an iPhone got ‘infected’”, according to a security researcher who goes by the alias Xerub and who is the organizer of 0x41, an iOS-focused conference.