Last week computer security specialists from Google announced that thousands of iPhones had been hacked using a vulnerability seen in almost every version from iOS 10 through to the latest version of iOS 12. Google’s Project Zero team, a division of Google that tries to find and report security vulnerabilities across popular systems, confirmed in a blog post that they had found evidence of attempted mass iPhone hack that has likely affected thousands of people over the last couple years.
The team working for the largest search engine in the world confirmed that multiple websites have been hacked and used as tools to attack iPhone users who visit them. According to the cybersecurity researchers, affected users were not targeted in a discriminative way, but all iPhone users who visited the websites without any anti-virus protection have been infected with malicious software. The moment iPhone users were visiting the infected sites, their servers were able to install a form of monitoring spyware.
Even though Google refused to name the websites, the company’s spokesperson confirmed that the tactics of exploiting the iOS included sites that are usually visited by people living in a specific geographic region or being part of particular ethnic groups. Google did not name which neighborhoods, ethnic groups, or cities might have been the targets.
What info has been stolen from the affected users?
The spyware installed on iPhones were able to give hackers access to information such as location, contacts as well as information from popular instant messaging apps such as Telegram, iMessage, and WhatsApp even if they were encrypted. Google researchers also confirmed that information stored on Gmail, and Google Hangouts had been made available to hackers because of the iOS vulnerability. Because of the malware’s deep level of access, it has been able to access sensitive information such as messages before they were encrypted.
The computers security specialists from Project Zero discovered 14 security flaws that left vulnerable almost every part of the iPhones, including the device’s web browser and its operating system. Google says at least one of the exploits detected by the security team was unpatched at the time of discovery. Apple was notified about the vulnerabilities and claims it has patched all vulnerabilities within a week. The smartphone manufacturer declined to comment further but advised users to keep their devices fully updated to prevent this vulnerability from affecting its users in the future.
Who is behind the attack?
It is currently unclear if the vulnerabilities have been used by a lone wolf or have been backed by a group of hackers sponsored by a foreign state. However, cybersecurity researchers are more inclined to believe that taking advantage of such exploits would require an immense amount of resources, so it is more likely that the attack has been designed and executed by a foreign state. There is no evidence to which international state might be behind the attack, and it is unknown if China, Iran, or Russia are among the countries who might be involved.
Malicious websites exist, and the unpleasant truth is that sometimes if you are not protected, your device is unable to withstand the sophisticated attacks coming from such sites. Most of the times, smaller websites are infected and dangerous for you as budgets for cybersecurity protection, and monitoring is not as high as they are on hugely popular sites. Maintaining good password hygiene, keeping your smartphone’s OS up-to-date, and having reliable anti-virus software installed on all your connected devices is a must should you want to decrease the chances of becoming a victim.