Released less than three weeks ago with an operating system that has already been patched twice, Apple's iPhone 5s is being called the most vulnerable Apple mobile device yet, according to experts.
Researchers with Berlin-based Security Research Labs (SRL) outlined one way of completely taking over the new Apple phone – placing much of the blame on the Touch ID fingerprint authentication feature and the iOS 7 operating system.
The mobile experts – who previously revealed how SIM cards are vulnerable to remote hacking – released a step-by-step video on Thursday detailing how easily a crook can take over an Apple user's expanded cellular life by simply ripping the new iPhone from their hands and running away.
The first thing a thief will do with a purloined iPhone 5s is activate airplane mode. This can be done by asking Siri, or by going into the Control Center, a feature new to iOS 7, according to the video. Activating airplane mode effectively disables the ‘Find My iPhone’ app – and the ‘Find My iPad’ app – that allows users to locate missing devices, as well as wipe their mobiles from afar.
So, while a victim is fruitlessly attempting to defend the device remotely from the web, the thief has all the time in the world to begin bypassing the lock screen. Depending on the user settings, the crook has two options: guess the passcode, or spend an hour replicating a lifted fingerprint on wood glue to access the iPhone 5s.
Next, since Apple IDs are typically tied to email addresses stored on the mobile, the thief will take ownership of the device by using a computer to send an Apple ID password reset request to one of the email addresses on the iPhone.
The crook then must activate Wi-Fi long enough to receive the password-reset email, but then quickly deactivate it before ‘Find My iPhone’ locates or erases the device. This was replicated five times on the same device, according to SRL.
An email will then be sent to the iPhone with a link to change the Apple ID password. No Wi-Fi? Not a problem. The email link can be copied and pasted into the notes app, where it shows up in plain text, and can easily be transcribed into a computer browser.
After resetting the password, the criminal can now access all sorts of features tied to the Apple ID account, including iTunes and iCloud services. But first, the crook will erase the device from the owner's ‘Find My iPhone’ service, turn on Wi-Fi, and allow the remote wipe flag to activate and erase the device. Lastly, the phone is restored via iCloud backups.
Now the thief is a kid in a candy shop – with complete access to the world the user created on their iPhone. The crook may shoot phishing emails to contacts, seeking out information, or they may use text message verification to hijack email, social media and e-commerce accounts, locking the owner out indefinitely.
According to SRL, Apple should make airplane mode inaccessible from the lock screen, as well as require a passcode and fingerprint any time airplane mode is activated or the SIM card is removed. Additionally, Apple should warn users against tying Apple ID credentials to email accounts registered on the device, and should not leave people uninformed as to how the device is protected.
SCMagazine.com reached out to SRL for comment, but did not immediately hear back.