After identifying this many vulnerabilities for the iPhone, Apple might have to start calling Project Zero, from competitor Google, Project Hero instead.
What is Google Project Zero?
Even though its title sounds like nothing, Google Project Zero is far from that.
Here's how Tech Target describes the group:
The role of the Project Zero team is to find vulnerabilities in popular software products, including those created by Google itself.
When the research team discovers and validates the existence of a vulnerability, the team quietly reports the bug to the company responsible for the software and gives the company 90 days to fix the problem.
But, if you want a short definition, you could just call them the "super secret, super smart Google group of bug-hunting hackers." That has a nice ring to it.
And they just used some of their magic powers for Apple.
Reporting on the iPhone's vast attack landscape
Following up on rumors about the iPhone's fully-remote vulnerabilities, Project Zero decided to investigate themselves.
Their findings?
Yep. They found exploits, and a whole lot of them too. None of which require user interaction:
We focused on the attack surfaces of the iPhone that can be reached remotely, do not require any user interaction and immediately process input. There are several attack surfaces of the iPhone that have these qualities, including SMS, MMS, VVM, Email and iMessage.
Google Project Zero found most of the exploits in iMessage, like the one outlined in the video below:
They found a total of 10 vulnerabilities across these attack surfaces. And true to their word, they gave Apple time to fix its mistakes; every exploit has since been resolved.
Though Project Zero also made it clear that they hope Apple will change its ways:
Overall, the number and severity of the remote vulnerabilities we found was substantial. Reducing the remote attack surface of the iPhone would likely improve its security.
