Hack Exploited Apple Users for Two Years

Hack Exploited Apple Users for Two Years

Originally Published on this site

Hack Exploited Apple Users for Two Years

Hack Exploited Apple Users for Two Years

Researchers from Google’s Project Zero have discovered a threat campaign that operated against users of Apple iOs devices for two years. 

Earlier this year Google’s Threat Analysis Group (TAG) discovered that a small collection of hacked websites was being used to carry out indiscriminate watering-hole attacks against visitors, using iPhone zero-day.  

Victims were ensnared just by visiting one of the hacked websites, which are estimated to have attracted thousands of visitors per week. This simple action alone was enough to inadvertently trigger an exploit server to attempt to install a monitoring implant on the user’s device.

Hackers exploited flaws in iPhone software to stealthily take over a victim’s device and access a user’s contact info, media files and GPS location, together with data from InstagramWhatsAppTelegram and Gmail.

TAG collected five separate, complete and unique iPhone exploit chains, covering most versions of the device from iOS 10 through to the most recent version, iOS 12. 

“This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” said Project Zero’s Ian Beer.

He went on to say that investigations into the root causes of the vulnerabilities revealed code that appeared to have never worked correctly, had missed the quality assurance checks or “likely had little testing or review before being shipped to users.”

TAG found 14 different software flaws, seven of which affected the iPhone’s Safari web browser. The group reported the issues to Apple with a seven-day deadline on February 1, 2019, which resulted in the out-of-band release of iOS 12.1.4 on February 7, 2019. 

After summarizing the findings, Beer warned users to wise up to the very real threat of cyber-attacks and to consider where the data they constantly put into their devices may one day end up.    

He said: “The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. 

“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives yet also as devices which, when compromised, can upload their every action into a database to potentially be used against them.”

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.


vox-messenger-secure-corpLogo-60x60

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is a secure alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Coming Soon.

All Rights Reserved - Copyright @ 2018 - Vox Messenger (a Division of Kryotech Ltd.)