Text Vulnerability Discovered in iPhone and iPad
A security researcher today released details of a new vulnerability with serious implications for users of nearly all Apple products, but especially the iPhone and iPad. The flaw affects users of all versions of iOS and Mac OS X, and thus all Macs and iOS devices, including the latest MacBook Air and MacBook Pro models. The flaw also appears to affect the Amazon Kindle and many other ebook readers. The Apple TV is not affected.
According to the researcher, Carl Noevil of Applied Conceptual Defense, any device capable of displaying the written word is vulnerable to social engineering attacks that could seriously affect its users. Once the device has been exploited, the attack self-propagates through all copies of the affected materials. Applied Conceptual Defense sells various filtering technologies that protect against the newly discovered vulnerability. Their security advisory states:
“This is one of the most serious vulnerabilities we’ve discovered. The flaw affects nearly all Apple products and we’ve notified Apple, yet Apple has yet to provide any patches or notifications to their customers. We decided to release our findings so users can protect themselves until a fix is available. Current users of our products are fully protected.”
When we queried Noevil for additional information via email, he wrote:
“We couldn’t believe all the potential vectors we found. We were able to completely exploit almost every device and system we attempted to attack. While we mostly focused on Apple, we also proved that the vulnerability affects any device capable of displaying text, and it was trivial to create cross-platform attacks. Considering the severity of this vulnerability, we can’t believe Apple isn’t better protecting their customers. It’s completely irresponsible.”
With maliciously structured combinations of characters, the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user. In extreme cases, an attack could create a disabling cognitive dissonance. That form of the attack has been correlated to actual physical injury if the user has their text display device activated while operating a motor vehicle.
Unlike most security vulnerabilities, these attacks have been correlated to massive damage in the physical world, and they can propagate through both traditional and modern digital communication media. In a blog post the researchers state:
“We’re still analyzing the historical research, but from what we can tell this vulnerability has been around for a very long time. We’ve found cases where it resulted in everything from poor decision making and emotional distress to political upheavals. The entire American Revolutionary War was the result of a variant of this vulnerability, for instance, and our investigations indicate that it may have played a role in the lead-up to the Bolshevik Revolution as well. There are also indications that WikiLeaks is actually a bot designed to exploit this vulnerability, but we haven’t yet finished decompiling all the code.”
The researchers said they focused on Apple due to the popularity and proliferation of Apple products, and plan on releasing further research about the Amazon Kindle, Barnes & Noble Nook, and other trendy products that easily garner press attention. Aside from electronic devices, the vulnerability reportedly also affects printed books, magazines, newspapers, and even billboards.
According to Applied Conceptual Defense, users of their ViewBlock textual filtering technology are not affected, and we’ve seen online comments that wearers of the Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses are also protected.
Apple did not respond to requests for comments.
A good effort, shows lots of thought and nicely plays to the Mac users' vulnerabilities.
Excellent! Had me until "the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user."
Me, too! On the floor here, excellent piece for April Fools or "poisson d'avril" (April... fish!) as we say in France!
I've been watching too much Dr Who...almost got me.
Perfect April Fools. Good laugh, made my day.
Bring up the next April 1-scare!
Carl No-Evil did it for me
Couldn't resist the C. No Evil construction. :-)
Excellent! I got to about the middle of the piece before I realized what day this was. I actually bought the "Lioness" piece and the "Word 5.1" piece. D'oh!
Did you see that the Lioness app is real? Many Tricks actually wrote it after I sent them the article to see if they'd mind being named in the piece. Download it and see!
Apple did respond to my email about this vulnerability. They were mostly concerned that an Apple product might have changed the outcome of the Revolutionary War. Their engineers did come up with a fix, however: turn off the power at the source coming in to your house. Then use a candle, quill, and birch bark to continue your work.
As I began to read this article it didn't take me long to wonder about its verity. The title 'Applied Conceptual Defense' seemed fishy and then it struck me today is April 1. Really nice job, guys!
This had April Fool written all over it from line one. Still, it gave me a smile
I was on to you in a couple of grafs! But I was primed last night (yes, before 4/1 -- oops!) by a local political spoof that was even more complicated and diabolical than yours. Glad so many have gotten into the spirit this year!
I have just deleted all my news feeds for today. I'll just start over tomorrow. Anything that's true will resurface. ;-)
If you delete the feeds now, they shall become more powerful than you can possibly imagine tomorrow.
When will people stop thinking that April Fools stories are a good idea? They ceased to be funny when I turned 10. Oh well, maybe I am just a cranky old curmudgeon.
April Fools?! Frack! Just when I perfected the disinformation feedback loop on my tin foil protective beanie and was going to let everyone know how to DIY it. Now I'm not going to tell you, so you'll never know, you humor hobbled bastards!