قالب وردپرس درنا توس
Home / Technology / Google researchers have found malicious websites that have been hacking iPhones for years

Google researchers have found malicious websites that have been hacking iPhones for years



  • Google Cybersecurity Researchers Project Zero researchers discovered a handful of websites used to hack iPhones.
  • After visiting the websites, a "surveillance implant" was placed on the device, with the news, photos, and GPS location data in real time.
  • The hacks spanned iOS 10 through 12, according to Project Zero, over the course of two years.
  • For more information, visit the Business Insider homepage.

Google Researcher I've found a handful of hacked sites tacitly used to infiltrate iPhones over the last two years.

Google cybersecurity analysts Project Zero released a detailed technical blog post on Thursday evening detailing their findings.

"There was no discrimination by the target ̵

1; a simple visit to the hacked site was enough for the exploit server to attack your device, and if successful, install a surveillance implant," wrote security researcher Ian Beer on the blog , Once inside the iPhone, the implant was able to steal news, photos and GPS position data in real time.

Although the blog post did not specify exactly how many of these sites were, the researchers estimated that each received thousands of visitors a week. The hacks spanned iOS 10 through 12, which means a "sustained effort" to hack iPhones over a two-year period, according to Beer.

Read More: Apple accidentally re-opened a vulnerability that makes the iPhone vulnerable to hackers. The researchers found 14 different vulnerabilities that made these exploit chains possible. Seven of these vulnerabilities were found in Safari, the iPhone's default web browser.

Researchers told Apple about their findings in February and gave the company a seven-day delay to address the vulnerabilities. Six days later, Apple updated security on iOS 12. Google gave Apple a much shorter deadline than usual when disclosing security messages. The problem patching rule is 90 days.

Apple has a good reputation for security in general, and earlier this month the company raised the amount it wants to spend on bug bounties – vulnerabilities found by security researchers – at $ 1 million.

Apple declined to comment when contacted by Business Insider.


Source link