A Swedish programmer discovers a vulnerability that can abnormally manipulate iPhone's app notification count and display anonymous messages



On the iPhone and iPad, an incoming call, a received mail, or a notification from an application is shown as a red badge with the number of notifications at the upper right of the corresponding icon. A large pile of notifications is bothersome enough, but a Swedish programmer has discovered an iOS security hole that makes it possible to set an application's notification count to an abnormal value, make the badge impossible to erase, and display any message he likes anonymously. TechWorld reports on the discovery and demonstrates it.

Så enkelt hackar han Iphone - IDG.se
http://www.idg.se/2.1085/1.546628/sa-enkelt-hackar-han-iphone

TechWorld was contacted by Swedish programmer Roman Digerberg, who said, "I found a significant security hole in iOS". According to him, the vulnerability makes it possible to "send an anonymous message to display on the lock screen" of an iOS device, to "display a number on the answering machine and message notifications", and to display "the red circle of an application notification".


Digerberg was writing a C# program for his GPS tracking tool when he accidentally noticed this behavior. As users tapped on the iPhone's display that notifications were issued to the application, "There was an offer to buy technology from several companies," Digerberg says.

Digerberg offered to demonstrate the vulnerability to TechWorld and actually hacked the iPhone of TechWorld's editorial staff. As a result, "250 new answering machines" was successfully displayed.


Even on the home screen, "250" was displayed on the phone icon or answering machine icon, and this notification would not disappear.



When the editorial staff informed him that the hack had succeeded, Mr. Digerberg displayed a new message on the lock screen: "Please buy today's newspaper to TECHWORLD!"


In addition, a red notification mark with no number in it was made to pop up on the phone icon, and this mark could not be erased by any user operation.


It is also possible to display an alarming message such as "Remove your mother from this phone. Click 'delete'."


Users have no way to avoid this hack, which can "display an interesting message anonymously or manipulate the number of notifications". Mr. Digerberg describes this vulnerability, which allows changes the user does not want to be made without permission, as a "monster", and he is worried that "If this bug is not corrected, big confusion will occur."

in Mobile, Software, Posted by darkhorse_log