The discovery of security expert Jiska Classen from the TU Darmstadt has no practical significance for most of the users of an iPhone, but it is still interesting: In her tests it has been shown that iPhones do not cope well with fuzzing at all. This method is popular with security researchers, here systems or apps are fed with a randomly generated data stream. The advantage: The sheer amount of data to be transferred and the speeds that can be achieved far exceed what a researcher can enter manually. In recent years, security vulnerabilities have been discovered in many popular applications with increasing frequency.
The iPhone does not tolerate fuzzing, like the expert on one Lecture demonstrated at the CCC’s virtual congress.
Some iPhones can no longer be used after fuzzing
Classen sent manipulated images to an iPhone and examined their processing. The modem chip in particular showed weaknesses here. For example, ongoing phone calls were interrupted with disturbing noises or calls could no longer be made. In addition, SMS messages containing manipulated data could no longer be deleted.
The data connections also got mixed up in some cases.
For her demonstrations she used, among other things, the iPhone 7 and 8, some of which were different modems: US models were equipped with a Qualcomm chip, the models intended for the European market with Intel modems. Ultimately, both chips were vulnerable, but to different types of data. From this knowledge, possible attacks with malware on an iPhone can also be developed, so the demonstration of classes is not only of academic interest.
