
Apple's iOS Contacts app claimed to be vulnerable to SQLite hack



Researchers at the Def Con 2019 security conference demonstrated a method of using ordinary database searches to produce malicious results, and used Apple's standard iOS Contacts app to prove it.

Apple's iOS Contacts is one of the many applications that use SQLite
Security firm Check Point has shown a vulnerability in the industry-standard SQLite database format that can be exploited. Speaking at Def Con 2019, the company demonstrated the technique being used to manipulate Apple's iOS Contacts app. Searching the Contacts app may be enough to get your device to run malicious code.
"SQLite is the most widely used database engine in the world," the company said in a statement. "It is available in all operating systems, desktops and mobile phones. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite."

"In short, we can gain control over anyone who asks for our SQLite-controlled database," they continued.

When you search for a contact or look up information in any app, you are really searching a database, and often that database is SQLite.

Documented in a 4,000-word report seen by AppleInsider, the company's hack involved replacing part of Apple's Contacts app, and it also relied on a known bug that has not been resolved four years after it was discovered.

"Wait, what? How has a four-year-old bug never been solved?" the researchers write in their document. "This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source, and it was therefore muted accordingly. However, SQLite usage is so versatile that we can still trigger it in many scenarios."

In other words, the bug has been considered unimportant because it was believed that it could only be triggered by an unknown application that gained access to the database, and in a closed system such as iOS there are no unknown apps. However, Check Point researchers managed to get a trusted app to send the code that triggers this bug and exploits it.

They replaced a specific component of the Contacts app and found that while apps and any executable code must pass Apple's startup checks, a SQLite database is not executable and so is not checked.

"Persistency [keeping the code on the device after a restart] is difficult to achieve on iOS," they said, "since all executables must be signed as part of Apple's Secure Boot. Fortunately for us, SQLite databases are not signed."
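Because the database file is data rather than signed code, an app can treat the file's schema as untrusted input before querying it. The following Python code is an added example, not taken from Check Point's report or from Apple: it pins a hash of the schema the app shipped with and flags a file whose schema differs. The `person` table and every other object name are hypothetical, and both schemas are constructed samples.

```python
import hashlib
import sqlite3

# Hypothetical schema the app ships with; all names are assumptions.
EXPECTED_DDL = [
    "CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)",
    "CREATE INDEX person_name ON person (name)",
]
# Constructed sample of a replaced file: same table, plus objects the app never created.
TAMPERED_DDL = EXPECTED_DDL + [
    "CREATE VIEW person_search AS SELECT id, name FROM person",
    "CREATE TRIGGER person_audit AFTER INSERT ON person "
    "BEGIN UPDATE person SET name = name WHERE id = NEW.id; END",
]

def build(ddl):
    """Create an in-memory database from a list of DDL statements."""
    conn = sqlite3.connect(":memory:")
    for stmt in ddl:
        conn.execute(stmt)
    return conn

def schema_entries(conn):
    """Every object recorded in the file's schema table, in a stable order."""
    return conn.execute(
        "SELECT type, name, tbl_name, sql FROM sqlite_master ORDER BY type, name"
    ).fetchall()

def fingerprint(entries):
    """SHA-256 over the schema rows; any changed, added or removed object alters it."""
    digest = hashlib.sha256()
    for row in entries:
        digest.update(repr(row).encode("utf-8"))
    return digest.hexdigest()

def audit(conn, pinned):
    """Return findings for a database; an empty list means the schema matches the pin."""
    entries = schema_entries(conn)
    findings = [f"unexpected {kind}: {name}"
                for kind, name, _tbl, _sql in entries if kind in ("view", "trigger")]
    if fingerprint(entries) != pinned:
        findings.append("schema fingerprint mismatch")
    return findings

# Pin computed once from the known-good schema (in practice, at build time).
PINNED = fingerprint(schema_entries(build(EXPECTED_DDL)))

if __name__ == "__main__":
    print(audit(build(EXPECTED_DDL), PINNED))
    print(audit(build(TAMPERED_DDL), PINNED))
```

A check like this only detects an altered schema; it does not replace running a SQLite build in which the underlying memory-corruption bugs are fixed.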

Detail from Check Point's hack documentation

They had to have access to the unlocked device to install this replacement for part of Contacts. After that, however, they could choose what they wanted to do when the Contacts database was searched.

For the demonstration, they simply made the app crash. The researchers said they could instead have made the app steal passwords.

"We found that just asking a database is not as secure as you expect," they said. "We proved that memory corruption issues in SQLite can now be reliably exploited."

"Our research and methodology have all been revealed in a responsible way to Apple," they concluded.

This is not the first time that a problem in SQLite has resulted in a bug, nor the first time that one has remained unresolved for years.

