comscore Malicious websites have been trying to hack iPhone for years: Google
News

Malicious websites have been trying to hack iPhone for years: Google Project Zero

Read how malicious websites have exploited zero-day vulnerabilities to exploit iPhone users for years.

  • Published: August 30, 2019 3:57 PM IST
apple-iphone-xs-xs-max-hands-on-1

Google researchers have uncovered a malicious attack against iPhone users, which could be one of the largest ever. They uncovered a series of hacked websites that have reportedly been delivering attacks designed to hack iPhone users. Google says that these websites have delivered their malware indiscriminately. The most interesting fact being that scale were these websites were visited thousands of times every week. The search giant has also observed that these attacks were operational for years. Also Read - iOS 12.1.4 fixes two security vulnerabilities that were ‘exploited in the wild’: Google

Also Read - Apple iOS 12.1.4 is rolling out now; fixes the Group FaceTime security bug

Some of these attacks used zero day exploits and took advantage of vulnerability that Apple was not aware of at the time. In the past, zero day exploits have been found to be the most effective way to hack into devices. Since the impacted company is unaware of the issue, it becomes easier for malicious actors to spread malware without any oversight. Researchers at Google have been at the forefront of finding zero day exploits affecting popular operating systems and software. Also Read - Google Project Zero reveals iOS 11 exploit that could lead to jailbreak

“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” Ian Beer, member of Project Zero, said in a blog post. “We estimate that these sites receive thousands of visitors per week.”

Beer notes that Google’s Threat Analysis Group (TAG) was able to collect five separate, complete and unique iPhone exploit chains. These exploits are based on 14 vulnerabilities and cover almost every version from iOS 10 to the latest iOS 12. Project Zero team notes that these exploits hint at a sustained effort to hack iPhone users over a period of at least two years. Among these exploits, at least one of the chains has been identified as a zero day exploit.

Photo: Google Project Zero

Apple fixed the issue with iOS 12.1.4 in February after Google alerted the company with a 7-day deadline. Once exploited, the attacker is capable of deploying malware onto a user’s iPhone. “The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds,” Beer explains.

The nature of this attack is unprecedented since the implant also gains access to a user’s keychain. On iOS, the keychain contains passwords as well as databases of end-to-end encrypted applications such as iMessage, WhatsApp and Telegram. With a compromised device, the purpose of end-to-end encryption almost becomes meaningless. Beer also notes that the malware will be wiped if a user reboots their device.

This is not the first time that attackers have targeted iPhone users. In the past, the attacks have been targeted in nature and exploits have been deployed primarily through text message. However, the exploit discovered by Google seems broader and aimed at a specific set of users. Apple has not offered any comment on the issue yet.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: August 30, 2019 3:57 PM IST



new arrivals in india

OnePlus 8T
OnePlus 8T

42,999

Samsung Galaxy F41
Samsung Galaxy F41

15,499

Apple iPhone 12 Pro Max
Apple iPhone 12 Pro Max

1,29,900

Apple iPhone 12 Pro
Apple iPhone 12 Pro

1,19,900

Apple iPhone 12 Mini
Apple iPhone 12 Mini

69,900

Apple iPhone 12
Apple iPhone 12

79,900

Poco X3
Poco X3

16,999

Realme Narzo 20A
Realme Narzo 20A

8,499

Realme Narzo 20
Realme Narzo 20

10,499

Realme Narzo 20 Pro
Realme Narzo 20 Pro

14,999

Oppo F17
Oppo F17

17,990

Samsung Galaxy M51
Samsung Galaxy M51

24,999

Poco M2
Poco M2

10,999

Oppo F17 Pro
Oppo F17 Pro

22,990

Realme 7 Pro
Realme 7 Pro

19,999

Realme 7
Realme 7

14,999

Xiaomi Redmi 9A
Xiaomi Redmi 9A

6,799

Vivo Y20
Vivo Y20

12,990

Xiaomi Redmi 9
Xiaomi Redmi 9

8,999

Nokia 5.3
Nokia 5.3

13,999

Motorola Moto G9
Motorola Moto G9

11,499

Realme C15
Realme C15

9,999

Realme C12
Realme C12

8,999

Samsung Galaxy Note 20
Samsung Galaxy Note 20

77,999

Xiaomi Redmi 9 Prime
Xiaomi Redmi 9 Prime

9,999

Oppo Reno4 Pro
Oppo Reno4 Pro

34,990

Samsung Galaxy M01 Core
Samsung Galaxy M01 Core

5,499

Realme 6i
Realme 6i

12,999

Asus Rog Phone 3
Asus Rog Phone 3

49,999

OnePlus Nord
OnePlus Nord

24,999

Infinix Smart 4 Plus
Infinix Smart 4 Plus

7,999

Xiaomi Redmi Note 9
Xiaomi Redmi Note 9

11,999

Samsung Galaxy M01s
Samsung Galaxy M01s

9,999

Vivo X50 Pro 5G
Vivo X50 Pro 5G

49,990

Vivo X50 5G
Vivo X50 5G

34,990

Realme C11
Realme C11

7,499

Poco M2 Pro
Poco M2 Pro

13,999

Realme X3
Realme X3

24,999

Realme X3 SuperZoom
Realme X3 SuperZoom

27,999

Tecno Spark Power 2
Tecno Spark Power 2

9,999

Oppo A12
Oppo A12

9,990

Oppo A52
Oppo A52

16,990

Samsung Galaxy A21s
Samsung Galaxy A21s

15,999

Oppo Find X2
Oppo Find X2

64,990

Motorola One Fusion Plus
Motorola One Fusion Plus

17,499

Samsung Galaxy A31
Samsung Galaxy A31

20,999

Samsung Galaxy M01
Samsung Galaxy M01

8,999

Samsung Galaxy M11
Samsung Galaxy M11

10,999

Infinix Hot 9 Pro
Infinix Hot 9 Pro

9,999

LG Velvet
LG Velvet

Price Not Available

Xiaomi Mi Note 10 Lite
Xiaomi Mi Note 10 Lite

Price Not Available

Apple iPhone SE 2020
Apple iPhone SE 2020

42,500

Honor 30 Pro
Honor 30 Pro

Price Not Available

Honor 30
Honor 30

Price Not Available

OnePlus 8
OnePlus 8

44,999

OnePlus 8 Pro
OnePlus 8 Pro

54,999

Xiaomi Redmi Note 9 Pro
Xiaomi Redmi Note 9 Pro

13,999

Motorola Moto E4
Motorola Moto E4

8,999

Samsung Galaxy On Max
Samsung Galaxy On Max

9,775

nubia N2
nubia N2

15,999

Karbonn K9 Kavach 4G
Karbonn K9 Kavach 4G

5,290

Motorola Moto C Plus
Motorola Moto C Plus

6,999

Best Sellers