Security researchers have warned that a new vulnerability in the iPhone 6 Plus smartphone is “quite dangerous” and that the iPhone maker should be very careful with the encryption features it has put into the smartphone.
Security researchers at security firm Symantec, who were able to find a security hole in the device’s Bluetooth encryption, said in a blog post that the vulnerability in Apple’s iPhone 6S and 6S Plus smartphones was “a significant one” because it allowed the attacker to read the encryption keys stored on the phone’s storage and “to decrypt the phone data on any device with the same iPhone”.
They added that the device was able to “exploit a weak security protocol called Bluetooth Low Energy, or Bluetooth LE, to eavesdrop on conversations on a target phone”.
“By exploiting this weakness, the attacker can remotely access any iOS device connected to the device via Bluetooth, and potentially decrypt the entire data on the device and/or any data in iCloud, including the content of the iPhone,” the security firm said.
“If an iOS device with this vulnerability is used for any purpose other than to access the internet, the affected device could be used to carry out a variety of attacks, including ransomware, phishing, or hacking.”
Symantec noted that “many iOS devices already use Bluetooth LE as an encryption mechanism”.
“This is a very common protocol used in many smartphones, such as the iPhone and iPads,” they said.
“The iOS 6S, 6S+, and 6s Plus smartphones use this protocol to encrypt data, but the iOS 6 is the first phone that uses Bluetooth LE for encryption, and is therefore potentially vulnerable.”
“As iOS is the only smartphone on the market that uses this protocol, it is especially concerning that the vulnerabilities we found in iOS 6 are so similar to vulnerabilities that have been used by other Android smartphones,” they added.
“We have identified several other iOS devices that have also been vulnerable, but we do not have any evidence that this is the case for iOS 6.”
“The security vulnerabilities we identified are not unique to iOS 6, and many Android phones have been affected by these same weaknesses.”
“Symantec reports that Apple’s iOS 6 software allows users to set the security settings on a device to be secure or secure-only, or to enable a default level of security that is lower than the level set by default in the software.
The vulnerability that has been discovered by Symantec is only visible in the firmware of the device that is using the Bluetooth encryption protocol.
Symantec said that because the device is being used for data transfer over the Internet, it would be difficult to get into the data stored on that device, as there are no passwords, encryption keys, or other data stored locally on the handset.”
“A user with access to the handset can decrypt the data on that handset, and thus steal data from the device.
If a user can use this vulnerability to access data on a connected iPhone, it could allow the attacker access to other devices on the network,” the researchers wrote.
Apple did not immediately respond to a request for comment.
Apple is not the only handset maker to be targeted by hackers who want to exploit vulnerabilities in the iOS security platform.
“It’s important to note that this isn’t the first time we’ve seen iOS vulnerabilities exploited by hackers, and we don’t believe this one will be the last,” said David Karp, the chief security officer of security firm Kaspersky Lab, in a statement.
“Apple is an example of a company that has demonstrated the courage to stand up and take the first steps to secure their devices from attack.
We hope other companies will follow suit and start to fix security issues as soon as possible.”
Apple, for its part, has not commented on the security issues it has found.
The Symantec security researchers said that “there is a high possibility that other iPhone devices will also be affected” by the Bluetooth vulnerability. “iOS is still one of the most popular mobile operating systems, with more than 80% of the world’s mobile devices, including millions of smartphones, connected to it,” they wrote.
“It’s critical that Apple take the steps necessary to secure its devices from further attacks and to take full responsibility for the security of its users.”