iPhone security exploit flaw may have attacked thousands of iPhones
The recent iPhone hack was done on hacked websites attacking thousands of iPhones every week for years using undiscovered exploits, they were patched in February, but the details are new — and serious.
Potentially one of the biggest attacks on iPhone users ever, Google’s Project Zero team disclosed a variety of “hacked websites” that had been used to attack iPhones for over two years.
The hacked websites installed malware that required no user interaction, simply visiting an infected website, without needing to scroll, click a button or link, sufficed to infect users iPhones.
The malware could “steal private data like iMessages, photos and GPS location in real-time”; it also had access to users’ keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even end-to-end encrypted apps including WhatsApp, iMessage, and Telegram.
1 Billion Apple Users May Have Been Attacked
Google’s research team was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.
The iPhone hack issues were not fixed until iOS update 12.1.4.
The nature of the attack also dispels the belief that iPhone’s are not susceptible to serious, indiscriminate security breaches, which is hugely concerning for every user of Apple’s famous smartphone.
It was noted that the installed malware had access to all the database files on the victim’s smartphone used by those end-to-end encrypted apps. Those databases “contain the unencrypted, plain-text of the messages sent and received using the apps.” said Google researcher Ian Beer.
Shockingly, according to Beer, the hackers didn’t even bother encrypting the data they were stealing, making a further mockery of encrypted apps. “Everything is in the clear. If you’re connected to an unencrypted Wi-Fi network, this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server,” the Google researcher wrote.
“This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.”
Sources claim that Android and Microsoft Windows where also targeted in the same iPhone hack exploit
Google’s Android and Microsoft’s operating systems were targeted via the same websites that launched the iPhone hacks, according to the sources, who spoke on the condition of anonymity.
That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected.
“Google Project Zero was very specific in its blog post that the recently publicized attacks used unique iPhone exploits and they have not disclosed similar information to us,” a Microsoft spokesperson said.
“Microsoft has a strong commitment to investigate reported security issues and, should new information be disclosed, we will take appropriate action as needed to help keep customers protected.”
Apple has yet to offer any statement on the attacks and hadn’t provided comment on the latest developments.
Check your updates and don’t get your iPhone hacked
The issues were not fixed until iOS update 12.1.4. so make sure to check your iPhone for the latest updates and assure you have at least version 12.1.4.
Also read about How to Stay safe online; avoid this common CyberCrime trick