Your iPhone or Mac Data Could be Hacked with an App
Yes, your iPhone and/ or Mac is extremely vulnerable to this new exploit, but I am not saying someone out there is actually hacking you.
We are talking about a research that was done by a group of researchers from Indiana University Bloomington, Peking University and Georgia Institute of Technology.
These researchers made and published a malware app and then used it to access some of the most sensitive data that could be stored on an iPhone or a Mac. After their test run they have published their findings in a paper where they say:
The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed. Such findings, which we believe are just a tip of the iceberg, will certainly inspire the follow-up research on other XARA hazards across platforms.
What sort of data could be at risk if anyone who really intends you harm tries to use the same method, you might ask. The researchers have also given examples to answer that question:
On the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome.
Other than this, they were also able to hack passwords that were stored in safe keeping apps like 1Password and Evernote. Heck after being able to hack into OS X’a Keychain, they might as well have hacked anything on the device.
Looks like Apple needs to review the security measures they take with iPhone as well as Mac!