PALM BEACH COUNTY, FL – September 17, 2019 – Michael Hernandez, a 20-year-old budding tech entrepreneur and co-founder of XYZ Media Group, discovered a vulnerability in all iPhones and Apple Watches that allows users to disable anyone’s messages app, preventing that person from sending messages.
After demonstrating the exploit to a few close friends, and subsequently breaking their phones, Michael decided to do what Apple calls “responsible disclosure” and emailed the official Apple security team with a video, titled “Apple, I Broke Your Operating System.” He then didn’t hear back from Apple throughout the process, except an official email from the security team saying they were “working on it”, and not to tell anyone else about the exploit until they had finished patching it.
The next time he would hear from them was in an official Apple product security newsletter when they gave him recognition for identifying the security issue, among other contributors to the last security update such as researchers from Google’s “Project Zero” team, dozens from Team Pangu, a world-renowned security team responsible for multiple successful iPhone jailbreaks, and a few from Trend Micro’s “Zero Day Initiative’ team.
The exploit was something Michael discovered inside Messages in iOS. “I was poking around inside the ‘send current location’ feature inside messages on Mac OS, and I noticed if you drag someone else’s current location that they send you to your desktop, you can send it to other people as if you were in that same location,” Michael said.
He then asked himself, “Could people actually spoof their position to any geographical location on earth?” He needed to find out, so he reverse-engineered it in order to break it and found that if someone opened the location file on their computer with a text editor, it displayed the coordinates in longitude and latitude. He tried dozens of longitude+latitude combinations before he found the line of code that would break it. He input the exact coordinates of the north pole and some bits and pieces of ancillary code to make it all work and sent the file to his business partner, Jonathan Garces, over text. “I received a text from Michael with a faulty current location, and my phone just crashed and never powered on again. I had to go to an Apple Store and have them reset it,” said Jonathan. This meant that anyone who received a text containing the file would entirely lose functionality of their phone, something that could be used maliciously in the wrong hands. Apple thankfully took it seriously and corrected the security concern in their latest IOS release (search for Michael or XYZ Marketing): https://support.apple.com/en-us/HT210346.
Michael Hernandez (http://instagram.com/myke) is Co-Founder of XYZ Media Group, a specialty marketing firm focused on helping brands access and engage with generations X, Y, and Z.
To learn more, visit http://www.xyzmarketing.agency/.
Media Contact
Company Name: XYZ Media Group, Inc.
Contact Person: Jonathan Garces
Email: Send Email
Phone: 9544409056
Address:21218 St Andrews Blvd Suite 628
City: Boca Raton
State: FL 33433
Country: United States
Website: http://xyzmarketing.agency