comscore Malicious websites have been trying to hack iPhone for years: Google
News

Malicious websites have been trying to hack iPhone for years: Google Project Zero

Read how malicious websites have exploited zero-day vulnerabilities to exploit iPhone users for years.

  • Published: August 30, 2019 3:57 PM IST
apple-iphone-xs-xs-max-hands-on-1

Google researchers have uncovered a malicious attack against iPhone users, which could be one of the largest ever. They uncovered a series of hacked websites that have reportedly been delivering attacks designed to hack iPhone users. Google says that these websites have delivered their malware indiscriminately. The most interesting fact being that scale were these websites were visited thousands of times every week. The search giant has also observed that these attacks were operational for years. Also Read - iOS 12.1.4 fixes two security vulnerabilities that were ‘exploited in the wild’: Google

Also Read - Apple iOS 12.1.4 is rolling out now; fixes the Group FaceTime security bug

Some of these attacks used zero day exploits and took advantage of vulnerability that Apple was not aware of at the time. In the past, zero day exploits have been found to be the most effective way to hack into devices. Since the impacted company is unaware of the issue, it becomes easier for malicious actors to spread malware without any oversight. Researchers at Google have been at the forefront of finding zero day exploits affecting popular operating systems and software. Also Read - Google Project Zero reveals iOS 11 exploit that could lead to jailbreak

“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” Ian Beer, member of Project Zero, said in a blog post. “We estimate that these sites receive thousands of visitors per week.”

Beer notes that Google’s Threat Analysis Group (TAG) was able to collect five separate, complete and unique iPhone exploit chains. These exploits are based on 14 vulnerabilities and cover almost every version from iOS 10 to the latest iOS 12. Project Zero team notes that these exploits hint at a sustained effort to hack iPhone users over a period of at least two years. Among these exploits, at least one of the chains has been identified as a zero day exploit.

Photo: Google Project Zero

Apple fixed the issue with iOS 12.1.4 in February after Google alerted the company with a 7-day deadline. Once exploited, the attacker is capable of deploying malware onto a user’s iPhone. “The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds,” Beer explains.

The nature of this attack is unprecedented since the implant also gains access to a user’s keychain. On iOS, the keychain contains passwords as well as databases of end-to-end encrypted applications such as iMessage, WhatsApp and Telegram. With a compromised device, the purpose of end-to-end encryption almost becomes meaningless. Beer also notes that the malware will be wiped if a user reboots their device.

This is not the first time that attackers have targeted iPhone users. In the past, the attacks have been targeted in nature and exploits have been deployed primarily through text message. However, the exploit discovered by Google seems broader and aimed at a specific set of users. Apple has not offered any comment on the issue yet.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: August 30, 2019 3:57 PM IST



new arrivals in india

Tecno Pova 2
Tecno Pova 2

10,999

Infinix Smart 5A
Infinix Smart 5A

6,499

Micromax In 2b
Micromax In 2b

8,999

Vivo Y72 5G
Vivo Y72 5G

20,990

Tecno Camon 17
Tecno Camon 17

12,999

Tecno Camon 17 Pro
Tecno Camon 17 Pro

16,999

Realme C11 2021
Realme C11 2021

6,999

Oppo Reno6 Pro 5G
Oppo Reno6 Pro 5G

39,990

Oppo Reno6 5G
Oppo Reno6 5G

29,990

Samsung Galaxy M21 2021
Samsung Galaxy M21 2021

12,499

OnePlus Nord 2
OnePlus Nord 2

27,999

Poco F3 GT
Poco F3 GT

27,999

Samsung Galaxy A22 5G
Samsung Galaxy A22 5G

19,999

Xiaomi Redmi Note 10T 5G
Xiaomi Redmi Note 10T 5G

13,999

Samsung Galaxy F22
Samsung Galaxy F22

12,499

Xiaomi Mi 11 Lite
Xiaomi Mi 11 Lite

21,999

Infinix Note 10 Pro
Infinix Note 10 Pro

16,999

Infinix Note 10
Infinix Note 10

10,999

Vivo Y73
Vivo Y73

20,990

OnePlus Nord CE 5G
OnePlus Nord CE 5G

22,999

iQOO Z3
iQOO Z3

19,990

Realme C25s
Realme C25s

9,999

Poco M3 Pro 5G
Poco M3 Pro 5G

13,999

Realme X7 Max 5G
Realme X7 Max 5G

26,999

Oppo F19
Oppo F19

18,990

Motorola Moto G40 Fusion
Motorola Moto G40 Fusion

13,999

POCO M2 Reloaded
POCO M2 Reloaded

9,499

OPPO A74 5G
OPPO A74 5G

17,990

Oppo A53s 5G
Oppo A53s 5G

14,990

Vivo V21 5G
Vivo V21 5G

29,990

Realme C25
Realme C25

9,499

Realme C21
Realme C21

7,999

Realme C20
Realme C20

6,799

Motorola Moto G60
Motorola Moto G60

17,999

iQOO 7
iQOO 7

31,990

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G

21,999

Xiaomi Mi 11 Ultra
Xiaomi Mi 11 Ultra

69,999

Xiaomi Mi 11X Pro 5G
Xiaomi Mi 11X Pro 5G

39,999

Xiaomi Mi 11X
Xiaomi Mi 11X

29,999

Realme 8 5G
Realme 8 5G

13,999

Samsung Galaxy F02s
Samsung Galaxy F02s

8,999

Samsung Galaxy F12
Samsung Galaxy F12

10,999

POCO X3 Pro
POCO X3 Pro

18,999

Realme 8 Pro
Realme 8 Pro

17,999

Realme 8
Realme 8

14,999

Vivo X60 Pro Plus
Vivo X60 Pro Plus

69,990

Vivo X60 Pro
Vivo X60 Pro

49,990

Vivo X60
Vivo X60

37,990

OnePlus 9 Pro 5G
OnePlus 9 Pro 5G

64,999

OnePlus 9R 5G
OnePlus 9R 5G

39,999

OnePlus 9 5G
OnePlus 9 5G

49,999

Samsung Galaxy A72
Samsung Galaxy A72

34,999

Samsung Galaxy A52
Samsung Galaxy A52

26,499

Micromax In 1
Micromax In 1

10,499

Asus ROG Phone 5
Asus ROG Phone 5

49,999

Samsung Galaxy M12
Samsung Galaxy M12

10,999

Motorola Moto G30
Motorola Moto G30

10,999

Motorola Moto G10 Power
Motorola Moto G10 Power

9,999

Oppo F19 Pro Plus 5G
Oppo F19 Pro Plus 5G

25,990

Oppo F19 Pro
Oppo F19 Pro

21,490

Xiaomi Redmi Note 10 Pro Max
Xiaomi Redmi Note 10 Pro Max

18,999

Xiaomi Redmi Note 10 Pro
Xiaomi Redmi Note 10 Pro

15,999

Xiaomi Redmi Note 10
Xiaomi Redmi Note 10

11,999

Realme Narzo 30A
Realme Narzo 30A

8,999

Realme Narzo 30 Pro
Realme Narzo 30 Pro

16,999

Infinix Smart 5
Infinix Smart 5

7,199

Samsung Galaxy F62
Samsung Galaxy F62

23,999

Samsung Galaxy A12
Samsung Galaxy A12

12,999

Nokia 5.4
Nokia 5.4

13,999

Nokia 3.4
Nokia 3.4

11,999

Realme X7 Pro 5G
Realme X7 Pro 5G

29,999

Realme X7
Realme X7

19,999

Vivo Y31
Vivo Y31

16,490

Oppo Reno5 Pro 5G
Oppo Reno5 Pro 5G

35,990

Samsung Galaxy S21 Ultra 5G
Samsung Galaxy S21 Ultra 5G

1,05,999

Samsung Galaxy S21 Plus 5G
Samsung Galaxy S21 Plus 5G

81,999

Samsung Galaxy S21 5G
Samsung Galaxy S21 5G

69,999

Vivo Y12s
Vivo Y12s

9,990

Vivo Y51A
Vivo Y51A

17,990

Samsung Galaxy M02s
Samsung Galaxy M02s

8,999

Xiaomi Mi 10i
Xiaomi Mi 10i

21,999

Oppo A15s
Oppo A15s

11,490

Tecno Spark 6 Go
Tecno Spark 6 Go

8,499

Vivo V20 2021
Vivo V20 2021

24,990

Vivo Y20A
Vivo Y20A

11,490

Xiaomi Redmi 9 Power
Xiaomi Redmi 9 Power

11,999

Motorola Moto G9 Power
Motorola Moto G9 Power

11,999

Motorola Moto G 5G
Motorola Moto G 5G

20,999

Vivo V20 Pro
Vivo V20 Pro

29,990

Xiaomi Mi 10T
Xiaomi Mi 10T

35,999

Xiaomi Redmi 9i
Xiaomi Redmi 9i

8,299

Xiaomi Mi 10T Pro
Xiaomi Mi 10T Pro

39,999

Infinix Hot 10
Infinix Hot 10

9,999

Vivo V20 SE
Vivo V20 SE

20,990

Vivo V20
Vivo V20

24,990

Micromax In 1b
Micromax In 1b

6,999

Best Sellers