As smartphones are becoming more sophisticated everyday, more and more malware is being created and distributed. The two main platforms that dominate in terms of market share is Android and iOS. Both are not completely secure, as new vulnerabilities are found every month. Both Apple and Google often release updates with security patches to fix things such as lock screen bypasses and security against viruses that are sent through different mediums.
Attacks and Exploits can occur through various methods, such as…
- Cell Networks
- Web Browser
- System Certificates
- Bugs in Code
The most common exploits are through messages, Wi-Fi and the operating system itself.
An example of exploits through messages is from 2015, when Apple phones would restart when sent a specific string of characters. These Unicode characters would crash the phone because of the way iOS processes notification popups and displays them. The string itself was “effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗” and would cause the iPhone to restart or respring the homescreen. Apple soon fixed this with a software update, but provided a temporary fix in the mean time.
Another more recent iPhone glitch has the same principle, where you can send a link to a video that when watched, causes a loop or memory leak, which is a “failure in a program to release discarded memory, causing impaired performance”. This is similar to the first iPhone glitch, except the only way to solve it is through holding a series of buttons and performing a hard reset. If you want to test this out for yourself, the link is here. Please try it at your own risk.
While both of these glitches are fairly harmless, the vulnerabilities can be used for more unethical purposes, such as transmitting malware. An example of a more serious vulnerability was discovered in 2015, and known by the name of Stagefright. This exploit could be executed remotely through MMS. This type of attack would have been very deadly, as all you needed was the victim’s phone number. Google and other manufacturers released software updates following the release of this information.
As you can see, new vulnerabilities and exploits are being found by companies, users, and hackers everyday. White hat hackers are people who find such vulnerabilities and report them to the companies so they can fix it. Black hat hackers do the opposite and hack for financial gain or other nefarious reasons. Luckily, companies try to stay aware of these exploits and work as fast as possible in order to patch them in an upcoming software update. As for individuals, you should be aware of what apps you install and to have an anti-virus on your phone in order to scan files you download. You should also be aware of what networks you connect to and use a VPN in public areas. These practices will help keep your smartphone secure.