Google finds 'indiscriminate iPhone attack lasting years'

Beer also notes that the group behind the iPhone hacking could have been targeting iPhone users in certain communities for over two years.

The attack scenario in this campaign, known as a watering hole attack, is a common one but it's more often used in lower-level campaigns carried out by cybercrime groups.

Beer explained, "simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant".

Earlier this year, the Google Threat Analysis Group received a small collection of hacked websites.

Apple always makes tall claims about privacy and security, but from time to time there are eye-opening reports of loopholes that somehow manage to let hackers in, giving users this creepy feeling of insecurity.

Apple did not immediately respond to a request for comment from The Post.


The experts discovered a total of 14 iPhone vulnerabilities related to the five exploits. The websites had been operational for years and were visited by thousands of users every week. Devices running iOS 10 or later were vulnerable to at least one attack vector over the 28-month period between the launch of iOS 10 in September 2016 and the discovery of the issues in January 2019. The search giant's Project Zero team hasn't shared any details about these websites, but it estimates that they were receiving thousands of visitors per week.

It's not about the money

Google told Apple about the vulnerabilities in their system back in February, giving them a week to fix the problem.

Apple is notoriously guarded with its products, shielding them from even well-meaning hackers looking to probe iOS vulnerabilities. Google says that it notified Apple of the vulnerabilities on Feb 1, 2019, and the iPhone maker patched them on Feb 7, 2019.


Since the iPhone is relatively hard to hack, zero-day exploits for the iPhone are rare, but not unheard of, and are therefore extremely valuable to hackers - often fetching prices of up to $3 million on the black market for a single "full exploit chain" of a current iOS version.

Hackers exploited flaws in iPhone software to stealthily take over a victim's device and access a user's contact info, media files and GPS location, together with data from Instagram, WhatsApp, Telegram and Gmail. The implant can access and upload the Contacts database of iOS, the photos on the device, unique identifiers like the IDs for the SIM card and the serial number, and "can also upload the user's location in real time, up to once per minute, if the device is online".

The Project Zero team said rebooting would remove the implant. "The keychain also contains the long-lived tokens used by services such as Google's iOS Single-Sign-On to enable Google apps to access the user's account".


When Project Zero informed Apple of the breach on February 1, it gave the company seven days to fix it, citing the need for urgency. "Let's also keep in mind that this was a failure case for the attacker: for this one campaign that we've seen, there are nearly certainly others that are yet to be seen".
