A new report describes a horrifying discovery by Google's elite bug-hunting team, calling it "one of the biggest attacks on iPhone users ever."
It's unbelievable and yet true. According to Google's "Project Zero" team, hacked websites were the basis for the largest iPhone hack in the history of iOS - opening such a page was enough to directly compromise the affected iPhone. In a blog post, Ian Beer explains that his Threat Analysis Group (TAG) uncovered the prepared websites earlier this year. "The hacked sites were used to randomly attack visitors with an iPhone," writes Beer. "There was no target discrimination; simply visiting the hacked website was enough for the exploit server to attack your device – if the attack was successful, it installed a surveillance implant." Beer estimates that the hacked websites have thousands of visitors per week – he declined to say which websites these were.
Launched with iOS 10
The TAG believes that the entire operation lasted a full two years. Data on infected iPhones could be read in full, and the devices could be tracked. Whether iMessage, WhatsApp or other popular applications - nothing was safe from the hackers - even the iCloud keychain could be read. But how could this horror scenario come about? Google's elite bug-hunting team found five unique iPhone exploit chains that covered almost every iOS version from iOS 10 to iOS 12. According to Google, the range of iPhones affected extends from the iPhone 5S to the iPhone X. In total, there were 14 vulnerabilities. Among other things, they affected the security mechanisms of the web browser and, in several cases, the kernel and IOKit. According to the report, the vulnerabilities were used to install a digital implant on iPhone devices. The implant made it possible to view all data, such as chat histories and media, and to locate the devices in real time.
It ended in February
But the biggest problem is the iCloud keychain – this too was not safe from data theft – with long-term consequences. While the malware is removed from a compromised iPhone when it is restarted, attackers can potentially "maintain permanent access to various accounts and services by using the stolen authentication tokens from the keychain – even if they lose access to the affected device". Google itself informed Apple about the problem on February 1st of this year and gave the company around seven days to provide an update.
Apple then released iOS 12.1.4 on February 7th and announced Google's findings in an accompanying document. If you want to know more details about the incredible discovery, you can read the detailed analysis on the subject on Google's blog in English. The changes in iOS 12.1.4 are also explained in more detail here.