August 9, 2019
Google Tells Apple To Fix Its Security Flaws
To say that Google and Apple don’t enjoy the friendliest of relationships would be an understatement. They’re in direct competition in almost every area of technology. Users of Apple’s iPhones and Google’s Android devices rage against each other in fierce debates all over the internet about who makes the greatest hardware and software. The technology giants will go head to head in the world of video gaming soon, as the Apple Arcade is set to go toe to toe with Google Stadia. Whatever Apple can do, Google likes to think it can do better, and vice versa. That means that the news which leaked this week about vulnerabilities in Apple’s iMessage software couldn’t possibly be more embarrassing for the company.
Within Google’s vast sphere of operation is a team called Project Zero, which was set up in 2014 to identify and help to resolve security issues in both hardware and software connected to the internet. In the spirit of sharing and caring, Google didn’t just task the Project Zero team with assessing Google’s output – they asked them to look at the whole information technology world, and point out holes wherever they can find them. In the past, Project Zero has located security issues in products belonging to Samsung, Facebook, and Microsoft. None of them generated as much publicity as their latest big reveal.
In news that has now made headlines around the world, Google has identified five different vulnerabilities within the current version of iMessage. However well-intentioned the mission of Project Zero is, it’s hard to imagine that Google didn’t take at least a little pleasure in pointing out the mistakes made by their biggest rival. It’s even harder to believe that Apple’s senior executives weren’t both furious and devastated by the publication of the news.
As is Project Zero’s usual approach, the Google team have declined to release too much information about the specific flaws in case hackers acted on the information and attacked people’s devices, but it’s understood that one of the risks was so serious that it would be impossible to salvage an affected iPhone without completely formatting the device, with the loss of all the user’s data. Another of the flaws would allow a hacker to copy data from an affected device without the user’s knowledge or permission.
Apple claims that all of the identified issues have been corrected by the release of IOS 12.4, and are urging their customers to download the new operating software as quickly as possible. Google, though, isn’t satisfied. Having tested the latest software, they believe that one of the five identified vulnerabilities hasn’t been addressed, and so they’re declining to release any information about it to the public until Apple has patched the hole. Apple’s support notes about the issue – published along with the fix – indicate that the vulnerability could, in theory, allow a hacker to execute commands and run code on an affected device without any input from the user.
If that vulnerability is, as Google states, still present, it has to represent a worry for iPhone users. While it’s possible to gamble with a mobile phone, people generally prefer to do that of their own accord on a mobile slots website rather than taking unwanted risks with the security of their data. Playing mobile slots is a voluntary activity which is designed to be fun and rewarding. Rolling the dice with security is anything but. Given the number of people who use iPhones, the value of the data stored on them would be worth more than hitting the jackpot on every mobile slots game a website has to offer combined. There’s an obvious financial incentive for hackers to take hostile action and, according to Google, a means by which they can do so.
Worse News To Come?
Even as the two companies debate whether Apple’s software weakness has been appropriately addressed, there are reports that there might be even more bad news on the horizon for Apple. Next month sees the annual Black Hat conference in Las Vegas, Nevada, at which Natalie Silvanovich is scheduled to speak. She’s one of the experts who work on the Project Zero team, and the preview of her speech suggests that Apple may have vulnerabilities in other places. She’s promised to discuss the potential for hackers to gain access to the Apple Visual Voicemail service, and also its standard Mail app. If there are holes in Apple’s messaging, voice messaging, and email services, it would add up to nothing short of a fully-fledged PR disaster for the company.
At the same conference, someone from Apple’s security team will take the stage and provide information on Apple’s latest security measures. By the time they do so, there may be greater scrutiny of that presentation than anything else that occurs at the conference. It’s to be hoped that Google at least do Apple the courtesy of telling them about the issues and giving them the chance to repair them before the conference.
Any opportunity for either Apple or Google to cause a bad news day for each other is unlikely to be passed up on, as a drop in the sales of one company is likely to lead to a spike in the sales of the other. This has been a bruising experience for Apple, and the bruise may not fade for some time yet. It’s probably safe to assume that their security team is currently working overtime to ensure that their security issues are wholly addressed. We also wouldn’t be surprised to find out that they’ve now also put together a specialist team who are trying to find issues with Google products, so they can return the favor at a later point.
In the meantime, if you are an iPhone user, given the severity of the security issues it’s recommended that you upgrade to the latest version of Apple’s operating software immediately. The best advice for all smartphone users – regardless of brand affiliation – is to have automatic software updates turned on at all times to receive patches the moment they’re issued.