October 29, 2023
iLeakage hackers can read Gmail on all iPhones and Macs from 2020 or later


Security researchers funded by the US Air Force Office of Scientific Research and the Defense Advanced Research Projects Agency have revealed how hackers can extract data, including your Gmail inbox, from Apple devices running iOS, iPadOS and macOS. Dubbed iLeakage, this side-channel attack can be deployed against Apple devices with A and M series CPUs from 2020 or later and targets the Safari web browser as well as any browser app running on an iPhone or iPad.

What is iLeakage exploitation?

Researchers at the Georgia Institute of Technology, the University of Michigan and Ruhr University in Germany were among those responsible for uncovering the so-called Spectre speculative execution attacks in 2018. iLeakage uses the same type of speculative execution to conduct attacks against Safari on macOS devices. On iPhones and iPads, however, it works against any browser, because all of them are required to use Apple’s WebKit engine under the hood.

In their paper, iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices, the researchers revealed the extent to which this exploit can be used. A hacker can recover sensitive information by causing Safari or any other WebKit-based browser to render an arbitrary page. “Specifically, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets,” the researchers revealed, including “Gmail inbox contents.” But the problems don’t end there: the researchers also demonstrate exploits that can lead to “password recovery” when passwords are auto-filled by password managers.

How an iLeakage attack could read your iPhone Gmail inbox

The paper says that when it comes to Gmail, one of the world’s most popular email providers with billions of users, an exploit target is likely to be signed in to their personal Google account. “By placing an event listener inside the attacker’s page access that executes window.open(gmail.com),” the researchers explain, “we can aggregate the target’s inbox view into the attacker’s address space. We then leak the contents of the target’s inbox.” I have contacted Apple and Google for a statement and will update this article if one is provided.

Mitigating iLeakage Attack Scenarios

According to the researchers, Apple was made aware of the iLeakage exploit discovery on September 12, 2022. So far, the only mitigation from Apple in over a year appears to be reserved for Safari on Macs running macOS Ventura 13.0 or later, and it is considered unstable to use and is not enabled by default. You can see the exact details in the iLeakage FAQ. There is no fix for iPhone or iPad users at this time, although Apple is understood to be working on a fix.

Are attackers already taking advantage of iLeakage?

The good news is that, as far as is known, the iLeakage exploit has not been used in the wild, not least because, as the researchers note, it is “a fairly difficult attack to orchestrate end-to-end, and requires advanced knowledge of browser-based side-channel attacks and Safari’s implementation.” The bad news is that iLeakage leaves no trace of an attack within system log files, although the attacking web page may be found in the browser cache as it runs within Safari. Researchers have confirmed that it is “highly unlikely” that an attack will be detected.

