Hackers have been planting spyware on iPhone users' devices over a two-year period, exploiting a vulnerability in the technology's operating systems, Google said Friday.
The Bad Actors Targeted a Group of Infected Web Sites When Visited by iPhone Users According to Ian Beer of Project Zero, a team of Google security analysts investigating cybercrime, the devices attacked and, in some cases, installed malware.
"There was no target discrimination – the exploit server could only attack your device by visiting the hacked site, and if successful, you should install a surveillance implant, which we estimate will reach thousands of visitors per week. " Beer wrote in a blog post.
The implant allowed hackers to access data from Apple customers, including their passwords and personal contacts, as well as messages sent through iMessage, WhatsApp, Gmail, and Google Hangouts were sent. According to researchers from Project Zero.
Almost every version of Apple's iPhone operating system – from iOS 10 to the latest version of iOS 12 – is vulnerable, he said. However, it is unclear how many users could be affected.
Old bug, new hack
The identified vulnerabilities of Beer are not new, but have been exploited in a novel way.
"Ian shows that this is the first time that these types of vulnerabilities have been exploited on the Internet, and if the malicious code exists on a particular Web site that has been accessed, the unsuspecting user becomes infected and remains blissfully ignorant." In this case, no user intervention, such as a request to click on a link, was required to allow an iPhone to be inflected. "PrivacyWatch: Phones of WhatsApp user hacked with missed calls glitch
The scope of the hack suggests that it is more likely of "It requires a lot of research and there has to be an endgame motive for it," he told CBS MoneyWatch. "It is possible that those who are behind the hack have a certain demographic or
"My personal guess is that this is not the work of an average hack he is. "he added.
There is also no secure way for users to protect themselves from security breaches, Beer said. "All users can do is realize that mass exploitation still exists and behaves accordingly, treating their mobile devices as an integral part of their modern lives, as well as devices they compromise on be able to upload any action to a database. " possibly be used against them. "
Google shared Apple's February results, after which the technology giant released an updated operating system to fix the bugs.
Android is not safer
While Beer highlights some of them Attack should not be misunderstood to suggest that Google's Android operating system is safer, said Levin.
"It should not be take-away:" I'll use Android from now on because it's safer, that's a long time not everything, "he said. "Similar and / or potentially worse bugs exist on Android and other operating systems, and this time Google Project Zero simply chose to highlight iOS."
Apple claims to be the safest operating system, and with good reason. "Apple is investing tremendous efforts to secure iOS at multiple levels right down to its proprietary hardware, and is still far ahead of Android in some aspects," Levin said.