Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

IOS is secure? Never was. Hackers breached iPhone users data for years

Cybercriminals implanted iPhones with spyware by exploiting a hole in Apple's operating system

Hackers planted spyware on iPhone users' devices over a two-year period by exploiting a vulnerability in the technology's operating systems, Google said Friday.

The bad actors targeted a group of infected websites that, when visited by iPhone users, attacked the devices and in some cases installed malware, according to Ian Beer of Project Zero, a team of Google security analysts that investigates cybercrime.

"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week," Beer wrote in a blog post.

Using the implant, hackers could access Apple customers' data, including their passwords and personal contacts, as well as messages sent through iMessage, WhatsApp, Gmail and Google Hangouts, according to Project Zero researchers.

Almost every version of Apple's iPhone operating system — from iOS 10 through to the latest version of iOS 12 — was vulnerable, he said. Still, it's unclear how many users might have been affected.


Old bug, new hack

The security bugs Beer identified aren't new, but rather were exploited in novel ways.

"Ian shows this is the first time these types of vulnerabilities have been used out on the wide internet, where if the malicious code was present on a certain website that was accessed, the unsuspecting user would be infected, and remain blissfully ignorant of it," said operating system internals researcher Jonathan Levin.

In this case, no user intervention, such as a prompt to click on a link, was required for an iPhone to get inflected.

The scope of the hack suggests it was backed by a nation rather than an individual, Levin said. "It requires a lot of research, and there has to be an endgame motive for this," he told CBS MoneyWatch. "It's possible that those behind the hack targeted a specific demographic or interest groups."

"My personal hunch, because of the level of proficiency and efficacy of the exploits, is that this is not the work of your average hacker," he added.

Neither is there a sure-fire way for users to protect themselves against security breaches, Beer said. "All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Google said it reported its findings to Apple in February, after which the tech giant released an updated operating system to fix the flaws.


Android's no safer

While Beer highlights some of the iPhone's vulnerabilities, the attack shouldn't be misread to suggest that Google's Android operating system is safer, Levin said.

"The takeaway shouldn't be, 'I'm going to use Android from now on because it's more secure.' That's far from it," he said. "Similar and/or possibly worse bugs exist in Android and other operating systems as well. Google Project Zero simply chose to highlight iOS this time."

Apple claims to be the most secure operating system, and for good reason. "Apple genuinely invests extreme efforts in securing iOS on multiple layers, down to their proprietary hardware, and in some aspects are still way ahead of Android," Levin said.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
Western Europe Records Hottest June on Record
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
China’s Central Bank Consults European Peers on Low-Rate Strategies
France Requests Airlines to Cut Flights at Paris Airports Amid Planned Air Traffic Controller Strike
Poland Implements Border Checks Amid Growing Migration Tensions
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
Amazon Reaches Major Automation Milestone with Over One Million Robots
Extreme Heat Wave Sweeps Across Europe, Hitting Record Temperatures
Meta Announces Formation of Ambitious AI Unit, Meta Superintelligence Labs
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Germany Votes to Suspend Family Reunification for Asylum Seekers
Budapest Pride Parade Draws 200,000 Participants Amid Government Ban
Southern Europe Experiences Extreme Heat
Xiaomi's YU7 SUV Launch Garners Record Pre-Orders Amid Market Challenges
Jeff Bezos and Lauren Sanchez's Lavish Wedding in Venice
Russia Launches Largest Air Assault on Ukraine Since Invasion
Massive Anti-Government Protests Erupt in Belgrade
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Hungary's Prime Minister Criticizes NATO's Role in Ukraine
EU TO HUNGARY: LET THEM PRIDE OR PREP FOR SHADE. ORBÁN TO EU: STAY IN YOUR LANE AND FIX YOUR OWN MESS.
Hungarian Scientist to Conduct 30 Research Experiments on the International Space Station
NATO Members Agree to 5% Defense Spending Target by 2035
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
International Astronaut Team Launched to Space Station
Macron and Merz: Europe must arm itself in an unstable world
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Iran Intensifies Crackdown on Alleged Mossad Operatives After Sabotage Claims
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
Oil Prices Set to Surge After US Strikes Iran
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
×