Home Lawsuit reveals weakness in iOS 16

Lawsuit reveals weakness in iOS 16

January 10th – In Moscow, a lawsuit filed by Russian company Elcomsoft alleges that competitor MKO-Systems stole code that can reach into the depths of iOS 16 devices to extract information.

The code can grab hidden passwords, locations, browsing history and other data. Elcomsoft states that its law enforcement clients find this software tool useful when trying to obtain data that would otherwise remain hidden on phones.

The tool means that authorities can gather more data than would otherwise be available via manual review of the phone and its backups.

What type of iOS weakness is it?

According to esteemed cyber security expert Bruce Schneier, Elcomsoft’s software tools likely rely on unpatched flaws, known as zero-days, or chains of vulnerabilities in iOS software.

Jake Williams, former NSA staffer and current faculty member at cybersecurity analyst firm IANS Research, said it was more likely that hackers had reverse engineered select data structures or obfuscation algorithms.

Is iOS 17 affected by the flaws?

Whether or not iOS 17 is affected remains unknown. Apple has not responded to a series of requests for comment.

Flaw finders seek IP theft damages

Elcomsoft is seeking 5,000,000 rubles ($56,000) in intellectual property theft damages.

Although Elcomsoft has only pursued legal action against MKO thus far, the suit also states that the same stolen code has been used by American-based corporate rival, Oxygen Forensics, which was founded by two Russian entrepreneurs who helped establish MKO.

Law enforcement access to iOS 16

Based on the circumstances, it’s possible that the iOS hacking code is now in the hands of both Russian and American law enforcement.

Government contract records indicate that Elcomsoft’s tools have been used by a wide variety of high-profile American government agencies.

Elcomsoft’s CEO, Vladimir Katalov, has confirmed soliciting the tool to the Federal Security Service (FSB), the successor agency of the Soviet-era KGB.

As noted earlier, the tool assists enforcement agencies with extracting information that would otherwise remain hidden on phones — it’s a tool that can be applied to the phones of terrorists, street criminals, undocumented persons, and activists.

For more on this story, visit Forbes.

Related resources