comscore Malicious websites have been trying to hack iPhone for years: Google
  • Home
  • News
  • Malicious websites have been trying to hack iPhone for years: Google Project Zero
News

Malicious websites have been trying to hack iPhone for years: Google Project Zero

News

Read how malicious websites have exploited zero-day vulnerabilities to exploit iPhone users for years.

  • Published: August 30, 2019 3:57 PM IST
apple-iphone-xs-xs-max-hands-on-1

Google researchers have uncovered a malicious attack against iPhone users, which could be one of the largest ever. They uncovered a series of hacked websites that have reportedly been delivering attacks designed to hack iPhone users. Google says that these websites have delivered their malware indiscriminately. The most interesting fact being that scale were these websites were visited thousands of times every week. The search giant has also observed that these attacks were operational for years.

Some of these attacks used zero day exploits and took advantage of vulnerability that Apple was not aware of at the time. In the past, zero day exploits have been found to be the most effective way to hack into devices. Since the impacted company is unaware of the issue, it becomes easier for malicious actors to spread malware without any oversight. Researchers at Google have been at the forefront of finding zero day exploits affecting popular operating systems and software.

iOS 12.1.4 fixes two security vulnerabilities that were ‘exploited in the wild’: Google

Also Read

iOS 12.1.4 fixes two security vulnerabilities that were ‘exploited in the wild’: Google

“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” Ian Beer, member of Project Zero, said in a blog post. “We estimate that these sites receive thousands of visitors per week.”

Beer notes that Google’s Threat Analysis Group (TAG) was able to collect five separate, complete and unique iPhone exploit chains. These exploits are based on 14 vulnerabilities and cover almost every version from iOS 10 to the latest iOS 12. Project Zero team notes that these exploits hint at a sustained effort to hack iPhone users over a period of at least two years. Among these exploits, at least one of the chains has been identified as a zero day exploit.

Photo: Google Project Zero

Apple fixed the issue with iOS 12.1.4 in February after Google alerted the company with a 7-day deadline. Once exploited, the attacker is capable of deploying malware onto a user’s iPhone. “The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds,” Beer explains.

Google's team exposes 'high severity' flaw in macOS kernel; Apple accepts the flaw

Also Read

Google's team exposes 'high severity' flaw in macOS kernel; Apple accepts the flaw

The nature of this attack is unprecedented since the implant also gains access to a user’s keychain. On iOS, the keychain contains passwords as well as databases of end-to-end encrypted applications such as iMessage, WhatsApp and Telegram. With a compromised device, the purpose of end-to-end encryption almost becomes meaningless. Beer also notes that the malware will be wiped if a user reboots their device.

This is not the first time that attackers have targeted iPhone users. In the past, the attacks have been targeted in nature and exploits have been deployed primarily through text message. However, the exploit discovered by Google seems broader and aimed at a specific set of users. Apple has not offered any comment on the issue yet.

Story Timeline

  • Published Date: August 30, 2019 3:57 PM IST

Trending Today

thumb-img
News
Apple to open its first store in Mumbai, to invest Rs 1,000 crore in retail in India: Report
thumb-img
News
Reliance Jio smart hybrid set-top-box first look is here
thumb-img
News
Oppo Reno 2Z now available on pre-order in India
thumb-img
News
Oppo Reno 2 series launched in India

Editor's Pick

Kodak XPRO-series LED Smart TVs with 4K resolution launched
News
Kodak XPRO-series LED Smart TVs with 4K resolution launched
Motorola One Action next sale at 4PM today: Check price, offers

News

Motorola One Action next sale at 4PM today: Check price, offers

Samsung Galaxy M20, Galaxy M30 update rolling out

News

Samsung Galaxy M20, Galaxy M30 update rolling out

Huawei Band 4e Basketball Wizard Edition launched

News

Huawei Band 4e Basketball Wizard Edition launched

Asus ROG Zephyrus GA502 gaming laptop launched in India

News

Asus ROG Zephyrus GA502 gaming laptop launched in India

Most Popular

Tecno Spark Go First Impressions

Oppo Reno 2Z, Reno 2F First Impressions

Oppo Reno 2 First Impressions

Realme XT First Impressions

Realme 5 Review

Nokia 2.1 receiving new Android Pie build update in India

Malicious websites have been trying to hack iPhone for years: Google

Realme 5 to go on sale again tonight at 8PM

Kodak XPRO-series LED Smart TVs with 4K resolution launched

Motorola One Action next sale at 4PM today: Check price, offers

MediaTek takes on Qualcomm in the most significant way yet

Tata Sky Binge vs Dish TV d2h magic: Which one is better

Google AR Search lets you see life-sized 3D animals up-close

Vodafone vs Airtel: Best family plans for postpaid users

How to add or remove channels from Tata Sky DTH online

Related Topics

Related Stories

Malicious websites have been trying to hack iPhone for years: Google

News

Malicious websites have been trying to hack iPhone for years: Google
Apple offers more options for safe, reliable iPhone repairs

News

Apple offers more options for safe, reliable iPhone repairs
Apple to open its first store in Mumbai, to invest Rs 1,000 crore in retail in India: Report

News

Apple to open its first store in Mumbai, to invest Rs 1,000 crore in retail in India: Report
Apple iPhone 11 launch event confirmed for September 10

News

Apple iPhone 11 launch event confirmed for September 10
Apple makes Siri audio recording review process opt-in for users

News

Apple makes Siri audio recording review process opt-in for users

हिंदी समाचार

Nokia 2.1 को मिलने लगा अगस्त सिक्योरिटी अपडेट, पहले से बदल जाएगा स्मार्टफोन चलाने का एक्सपीरिएंस

Realme 5 स्मार्टफोन को आज रात 8 बजे एक बार फिर खरीदने का मौका, जानें सेल ऑफर्स

OnePlus TV में मिलेगा कम से कम 3 साल का Android TV सॉफ्टवेयर सपोर्ट, कंपनी ने किया कंफर्म

Samsung Galaxy M20 और Galaxy M30 को मिलने लगा लेटेस्ट अपडेट

Samsung Galaxy M30s की लॉन्च से पहले इमेज लीक, 48मेगापिक्सल प्राइमरी कैमरा के साथ आएगा


News

Nokia 2.1 receiving new Android Pie build update in India
News
Nokia 2.1 receiving new Android Pie build update in India
Malicious websites have been trying to hack iPhone for years: Google

News

Malicious websites have been trying to hack iPhone for years: Google
Realme 5 to go on sale again tonight at 8PM

News

Realme 5 to go on sale again tonight at 8PM
Kodak XPRO-series LED Smart TVs with 4K resolution launched

News

Kodak XPRO-series LED Smart TVs with 4K resolution launched
Motorola One Action next sale at 4PM today: Check price, offers

News

Motorola One Action next sale at 4PM today: Check price, offers