Google finds evidence of attempted mass iPhone hack

2/9/2019 16:10:00

Google has uncovered evidence of a sustained effort to hack large numbers of iPhones over a period of at least two years, its researchers said.


Earlier this year, Google cybersecurity experts "discovered a small collection of hacked websites" that exploited vulnerabilities in Apple's (AAPL) smartphone software, Ian Beer, a researcher with Google's Project Zero, said in a blog post published Thursday. He did not name the websites.


"Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," Beer added. "We estimate that these sites receive thousands of visitors per week."


The implant was capable of giving hackers access to iPhone users' contacts, photos and location, as well as data from apps like iMessage, WhatsApp, Telegram, Gmail and Google Hangouts, according to the Project Zero researchers.


The Google (GOOGL) researchers discovered "a total of fourteen vulnerabilities," half of them linked to the iPhone's web browser. They informed Apple of the vulnerabilities on February 1, prompting the company to issue a software update six days later when it admitted certain applications could potentially "gain elevated privileges" and "execute arbitrary code."


Beer described the attempted hack as a campaign to exploit "iPhones en masse." He also said it was "a failure case for the attacker" and it was not clear from the post whether any data was actually stolen.


Neither company responded immediately to a request for comment on Friday.

The vulnerabilities covered almost every version of the iPhone operating system "from iOS 10 through to the latest version of iOS 12," Beer added.


"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," he wrote.


Beer said that also warned that there could be other potential attacks.

"For this one campaign that we've seen, there are almost certainly others that are yet to be seen," he said. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."





PUKmedia / CNN 


During the international conference Ziyad Raoof appealed to help Kurds

19th edition of the international conference “The Role of Catholic Church in the Process of European Integration” took place in Krakow from 11 to 12 October 2019. As every year, one of ...

»  Monograph by doctor from Kurdistan Hasan al Rifaie has just been released in Poland
»  Photo... Australian Kurds demonstrate in support of Western Kurdistan

Susan Rice: U.S. has ‘sold out the Kurds’ with Syria move

Susan Rice, former U.S. ambassador to the United Nations and national security adviser in the Obama administration, joined Judy Woodruff on PBS NewsHour and discussed the Trump administration&rsquo...

»  INTERVIEW: Kurdish leader Ilham Ahmed on security in North and East Syria
»  A political analyst: The subject of the disappeared will be raised for electoral campaigns

UN Says 14,000 'Grave Violations’ Against Afghan Kids in 4 Years

Deteriorating security across Afghanistan in the past four years led to over 14,000 “grave violations” against children, including nearly 3,500 youngsters killed and over 9,000 injured,...

»  Revealed: hundreds of migrant workers dying of heat stress in Qatar each year
»  Turning the tables: global poverty conference to be held in a slum