Posted on June 8, 2020 at 3:13 PM
A recent report revealed that hackers can gain complete control of users’ full account by exploiting an Apple iOS vulnerability known as “Sign In With Apple.”
Based on the report of news site ScreenRant, the new bug was visible in the verification service of Apple, and hackers can use it to launch malware attacks on users.
The Sign In With Apple vulnerability can result in possible malicious acts when unauthorized persons access the third-party apps since there is no form of protection to the user information.
Apple is not as secured as expected
As the new bug has been discovered, it will make sure the iOS operating system is more secure than before. But this also shows that Apple’s security is not as strong as people may believe. Many users would think that the security of a tech-centric firm like apple would be a fortress and impenetrable. But the firm has proven people wrong with a series of vulnerabilities discovered lately on the platform.
Many people perceive Apple products and services as a safer option than other Android devices. Although this new vulnerability was found in a controlled environment, this does not take away the fact that Apple is not new to poor security scenarios. There have been several reports of vulnerabilities, and these have been occurring frequently in recent times.
The report revealed that the Apple ID of the user could be used by attackers to gain access to their login information. When access is granted, it could result in malicious acts, putting personal details, emails, and banking information at risk.
New Apple vulnerability utilizes verification service
The Hacker News recently reported that Apple had to shell out $100,000 as bug bounty to Bhavuk Jain, an Indian bug researcher after he discovered a highly critical bug that affected the iOS “Sign In With Apple” system.
The “Sign In With Apple” has been used to register user accounts on apps and third-party services. Now, the service is the main target of hackers, as it can easily give access to hackers by granting authentication remotely.
ScreenRant said the vulnerability was even discovered when the hackers accessed information via user identification. When the user clicks on the “Sign in With Apple”, A JSON Web Token (JWT) is automatically sent, granting authorization. Afterward, the company sends a request demanding the user’s login information.
The vulnerability has been patched
The report revealed the vulnerability has been patched. The vulnerability could have given remote access to circumvent authentication to take over targeted users’ accounts on third-party apps and services.
“Sign in With Apple” was launched at Apple’s WWDC conference last year. During the launch, its feature was introduced as a privacy-preserving login system allowing users to easily sign up an account using third-party apps without revealing their email address.
In a recent interview, Bhavuk Jain said the vulnerability he found was from the manner Apple was authenticating a user on the client-side before accepting a request from the platform’s authentication servers.
Vulnerability is very critical
Bhavuk discovered that even though Apple requests that users log in to their Apple account before granting their request, it does not validate whether the same user is requesting JWT from the authentication server.
As a result of the lack of validation in that section, an attacker could send a different Apple ID belonging to the victim, deceiving the Apple servers to generate JWT payload which was legitimate to access third-party service using the user’s identity.
He also said the vulnerability is very serious as it can allow the attacker to take complete control of the victim’s account. “The impact of this vulnerability was quite critical as it could have allowed a full account takeover,” he said.
The researcher also said the bug functions even if the attacker hides their email ID from third-party services, which they can exploit to sign up a new account using the user’s Apple ID.