Google finds evidence of attempted mass iPhone hack

2/9/2019 16:10:00

Google has uncovered evidence of a sustained effort to hack large numbers of iPhones over a period of at least two years, its researchers said.


Earlier this year, Google cybersecurity experts "discovered a small collection of hacked websites" that exploited vulnerabilities in Apple's (AAPL) smartphone software, Ian Beer, a researcher with Google's Project Zero, said in a blog post published Thursday. He did not name the websites.


"Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Beer added. "We estimate that these sites receive thousands of visitors per week."


The implant was capable of giving hackers access to iPhone users' contacts, photos and location, as well as data from apps like iMessage, WhatsApp, Telegram, Gmail and Google Hangouts, according to the Project Zero researchers.


The Google (GOOGL) researchers discovered "a total of fourteen vulnerabilities," half of them linked to the iPhone's web browser. They informed Apple of the vulnerabilities on February 1, prompting the company to issue a software update six days later when it admitted certain applications could potentially "gain elevated privileges" and "execute arbitrary code."


Beer described the attempted hack as a campaign to exploit "iPhones en masse." He also said it was "a failure case for the attacker" and it was not clear from the post whether any data was actually stolen.


Neither company responded immediately to a request for comment on Friday.

The vulnerabilities covered almost every version of the iPhone operating system "from iOS 10 through to the latest version of iOS 12," Beer added.


"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," he wrote.


Beer said that also warned that there could be other potential attacks.

"For this one campaign that we've seen, there are almost certainly others that are yet to be seen," he said. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."





PUKmedia / CNN 


Commemoration of 3 Kurdish activists shot in Paris

Thursday, Kurds saluted the seventh anniversary of the assassination of 3 Kurdish women activists in France.


The crime took place on January 9, 2013, targeting 3 female Kurdi...

»  3 Kurdish girls die in a fire in Norway
»  Kurdish teenager plays for several European football clubs

Quarantined citizen in Sulaymaniyah: services provided are impossible for major countries

One of the citizens inside a quarantine center in the city of Sulaymaniyah said that what the medical and administrative staff provide is not possible for major countries to provide, and that the q...

»  Susan Rice: U.S. has ‘sold out the Kurds’ with Syria move
»  INTERVIEW: Kurdish leader Ilham Ahmed on security in North and East Syria

PUK an umbrella for coexistence and rapprochement between religions and components

We are approaching the 45th anniversary of the founding of the Patriotic Union of Kurdistan and the start of the new revolution of our people, this party has achieved many great achievements that c...

»  The biological and political challenges facing Iraq’s new government
»  America’s Opportunity in the Middle East