Posted on August 30, 2019 at 8:49 PM
Cybersecurity specialists at online giant Google recently stated that hackers have been taking advantage of compromised web pages to install what Google calls monitoring implants on iOS devices, specifically iPhones. The scary thing is that, according to researchers, this had been going on for years.
The software in question could collect images, contacts, and other crucial data from users. In a blog post, Ian Beer of Google’s Project Zero observed that the breached sites had received numerous visitors (even thousands of them) each week.
Just Visiting the Compromised Site Was Enough
Beer also said that the cybercriminals didn’t discriminate when it came to targets: simply visiting the hacked site was enough for the exploit server to attack the visitor’s device. If the attack succeeded, a monitoring implant would be installed on that person’s device.
Project Zero is known around the industry for being Google’s team for examining innovative security vulnerabilities at all levels, brands, and devices. According to Beer, the majority of the security flaws associated with the iPhone were found in Safari, Apple’s go-to web browser.
The operating systems most frequently targeted in the attack ranged from iOS 10 to iOS 12. The exploit could access crucial details of people’s accounts in social networks and apps such as Gmail, WhatsApp, or Instagram.
The breadth of the damage could be considerable. Once compromised, the user’s device and accounts were almost completely exposed to the attackers, who could obtain the victim’s real-time location; the device’s keychain with all the passwords; the chat history in WhatsApp, Telegram and iMessage; the address and contact book; and the Gmail database.
14 Bugs in Total
A total of 14 bugs were exploited by the attackers in five different exploit chains, which are strings of flaws linked together so that a cybercriminal can go from one to another with increasingly severe consequences.
The fact that the attack was spotted and disrupted was, according to Beer, a failure from the hackers’ point of view. However, he warned that there could be similar attacks in the not-so-distant future, so people need to be wary of what they do online.
The world’s biggest Internet-related company stated that it reported the security issue to Apple on February 1, and the tech giant came up with an operating system update six days later, precisely on February 7.
It is important to know, according to Beer, that although the implant is not actually saved on Apple devices, it can give cybercriminals access again whenever a person visits a compromised website. Therefore, the risk of a privacy breach is always looming, despite the attack reportedly being over since the start of the year.
Given the extent of the stolen data, hackers might be able to keep accessing several services and accounts just by using stolen authentication data and tokens from the keychain, even after they lose access to the iPhone, per Beer’s remarks.
At the time of writing, Apple hasn’t publicly addressed the situation, amid growing concern among its huge user base all over the world. The brand is firmly in the top 3 in the ranking of most mobile devices sold.
An Unprecedented Attack
The iPhone hacking operation was unprecedented. It affected thousands of users per week, but it was disrupted back in January, at least according to the latest reports. However, users are worried because the possibility that a similar attack could target iPhones again can’t be completely dismissed.
According to The Guardian, the hacking operation was active for nearly two and a half years. It is important to note that no interaction with the page was needed: just visiting the compromised site was enough for the monitoring implant to be deployed on the affected device.