SQLite Vulnerabilities Demoed With Hacking of iPhone, Malware C&C

Researchers have uncovered some potentially serious SQLite vulnerabilities and they have demonstrated their findings by hacking an iPhone and a command and control (C&C) server used by malware.


SQLite is a small, fast and full-featured database management system contained in a C library. SQLite is widely used and it can be found by default in many mobile and desktop operating systems, including Windows 10, macOS, iOS, Android, BlackBerry 10 OS, Oracle Solaris 10, FreeBSD, and LG webOS. It’s also used by popular web browsers such as Chrome, Firefox and Safari.


Researchers at cybersecurity firm Check Point started investigating SQLite after noticing that some pieces of malware steal passwords from compromised machines by collecting the SQLite database files used by the targeted apps to store passwords. The database files are uploaded to the C&C server and parsed using PHP so that their content can be transferred to a central database where the attackers store all collected passwords.


Check Point’s investigation revealed the existence of several vulnerabilities that allow an attacker to execute arbitrary code by getting an application using SQLite to query a specially crafted database.


They demonstrated their findings by creating a SQLite file that, when stolen by a password stealer and uploaded to the C&C server and processed, would create a web shell on the attacker’s server.


They also demonstrated an attack against iOS, which uses an SQLite database to store contacts in the device’s address book. An attacker who has access to the targeted iPhone can replace the legitimate database file with a malicious version and the process querying the database — the contacts database is shared by FaceTime, Contacts, WhatsApp, Telegram and other apps — would execute the code planted by the attacker in the database ..

Support the originator by clicking the read the rest link below.