April 24, 2020

Zero-day: Your iPhone Can be Hacked by a Single Email – Proof & Prevention

A new zero-day attack has revealed that your iPhone/iPad has been vulnerable to an email hack for 8 long years, since the iOS 6 launch in 2012.

Is my iPhone secure? We should take a hard look at our iPhones and contemplate this subject. While Apple has often advertised that their iPhones are highly safe in terms of hardware, system encryption and data privacy, hackers, researchers and cybersecurity experts don’t seem to hold the same opinion. Time and again, ‘Apple iPhone hacked’ news has surfaced, and vulnerabilities, exploits and bypasses have been successfully demonstrated.

Most recently, an ethical hacker, Ryan Pickren, discovered how your iPhone camera can be hacked in a few easy steps. The notorious list of such explorations goes on and on:

But moving on to the latest iPhone hacking news at hand: in April 2020 a cybersecurity firm, ZecOps, submitted research after detecting suspicious activity on a client’s iPhone. This San Francisco company works by connecting their client’s phone to a computer/kiosk, which uploads all data logs to a centralized server. This data is then studied and analyzed by their team for any discrepancies.

iOS Email Hack Discovery

ZecOps cofounder Zuk Avraham revealed that while working on the said client’s iPhone, they discovered some unrecognizable, unique lines of code. This was the beginning of a months-long Digital Forensics and Incident Response (DFIR) investigation. The team eventually determined that the cause was a previously unexposed flaw in Apple’s official ‘MobileMail’ app. This was a remote code execution vulnerability, which resided in the MIME library of the mail application.

It turns out this flaw has existed in iPhones/iPads since the iOS 6 launch in 2012. Allegedly, this bug was being exploited for at least 2 years to target and spy on numerous high-profile victims.

The experts behind this operation caught various zero-day triggers in the wild that infiltrated Fortune 500 companies, VIPs, MSSPs from the Middle East and journalists from Europe.

iPhone Hacked Mail Vulnerability

ZecOps have no confirmation on the threat actors involved, but they believe the attacks are most certainly carried out by ‘nation state threat operators’, ‘hackers for hire’ who are selling the data to wealthy parties.

How Did the iPhone Email Hack Work?

In this attack, the attackers figured out a way to simply send an encrypted email and gain remote access to the individual’s email account that is logged into the affected app. The exploitation seen in the wild relied mainly on 2 critical flaws:

  1. Out-of-bounds Write
  2. Remote Heap Overflow

Both of these bugs arise because a system call’s return value is not handled.

“ZecOps found that the implementation of MFMutableData in the MIME library lacks error checking for system call ftruncate() which leads to the Out-Of-Bounds write. We also found a way to trigger the OOB-Write without waiting for the failure of the system call ftruncate. In addition, we found a heap-overflow that can be triggered remotely,” explained the researchers.

Further, the remote bug can be triggered while the downloaded email is being processed. As a result, the email will not be downloaded completely.

Affected Library:
/System/Library/PrivateFrameworks/MIME.framework/MIME

Vulnerable function:
-[MFMutableData appendBytes:length:]
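
The bug class the researchers describe, an unchecked ftruncate() followed by a write, can be shown with a small model. This is an added example, not Apple's or ZecOps' code: the struct and function names are hypothetical, and the weak variant only reports the overrun instead of performing the copy.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed model of a file-backed growable buffer. All names are
 * hypothetical; this is not Apple's MFMutableData.
 * cap = bytes actually mapped, len = bytes in use. */
struct fbuf { int fd; unsigned char *map; size_t len, cap; };

/* Grow the backing file and mapping; 0 on success, -1 on failure (*b unchanged). */
static int fbuf_grow(struct fbuf *b, size_t new_cap) {
    if (ftruncate(b->fd, (off_t)new_cap) != 0)   /* the call that must be checked */
        return -1;
    void *m = mmap(NULL, new_cap, PROT_READ | PROT_WRITE, MAP_SHARED, b->fd, 0);
    if (m == MAP_FAILED)
        return -1;
    if (b->map) munmap(b->map, b->cap);
    b->map = m; b->cap = new_cap;
    return 0;
}

/* Weak pattern: the grow result is discarded and the length advances anyway.
 * Returns how many bytes a following copy would land past the mapping;
 * the copy itself is deliberately not performed. */
static size_t unchecked_append_overrun(struct fbuf *b, size_t n) {
    (void)fbuf_grow(b, b->len + n);
    size_t new_len = b->len + n;
    return new_len > b->cap ? new_len - b->cap : 0;
}

/* Hardened append: refuse to copy unless the mapping really covers the data. */
static int fbuf_append(struct fbuf *b, const void *src, size_t n) {
    if (n == 0) return 0;
    if (n > (size_t)-1 - b->len)
        return -1;                                /* length arithmetic would wrap */
    if (b->len + n > b->cap && fbuf_grow(b, b->len + n) != 0)
        return -1;                                /* surface the failure, keep len */
    memcpy(b->map + b->len, src, n);
    b->len += n;
    return 0;
}

int main(void) {
    char path[] = "/tmp/fbufXXXXXX";              /* constructed scratch file */
    struct fbuf b = { mkstemp(path), NULL, 0, 0 };
    unlink(path);
    return b.fd < 0 || fbuf_append(&b, "abc", 3) != 0;
}
```

When ftruncate() fails, the hardened path returns an error with `len` and `cap` unchanged, while the unchecked path would have written `n` bytes past the mapping.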

Is My iPhone Hacked? – From End-User Perspective

Unfortunately, this cyberattack doesn't cause any substantial or abnormal activity that would lead you to doubt your iPhone’s system security. In most cases, this ‘specially crafted email’ slips quietly into your inbox and works as a ‘zero-click’ exploit, where the recipient isn’t even required to open the email.

This gives the hacker a chance to gain quick access to the account and delete the suspicious email, leaving no trace behind. At most, the only issue you might face is your ‘Mail’ app being a little slower than usual, or a sudden app crash, which honestly doesn’t raise any obvious red flags.

In some failed attacks, though, the targeted user might receive an email reading “the message has no content”.

iPhone Hacked by Email

One point of relief in this narrative is that this single email hack will not give the attacker control of your iPhone, unless of course it is chained with another kernel vulnerability, which is an option some hacking groups are trying to explore.

How Can I Secure My iPhone?

During the process of investigation, researchers from ZecOps had already alerted and reported the security threat to Apple. Their official spokesman, Todd Wilder said these issues “do not pose an immediate risk to our users”, and they will be fixing it in the upcoming updates.

As of this article’s publication, Apple has released a beta version patch in iOS 13.4.5 to fix both aforementioned vulnerabilities.

Apple Update Fix for iPhone Mail Vulnerability

Until the official release, and for future protection against such threats, disable the ‘Mail’ application and try the official Gmail, Outlook or other official email apps.

Can My iPhone be Hacked?

Yes! Returning to the very beginning of this article, the answer should be pretty obvious by now. What you can do is keep a close eye out for any fishy and unusual activity on your iPhone. Moreover, keep yourself updated with the latest in Apple iPhone hacking news.

For the official report on iPhone Email Hack by ZecOps, read their in-depth blog article here.