Hackers Have Been Spying on iPhones for Years

September 4, 2019
Google’s Project Zero announced some big news last Thursday: hackers have been using “watering hole” style attacks for years to spy on iPhones that visit compromised websites.

In the blog post (https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html), Ian Beer says hackers had been discreetly attacking iPhones that visited compromised websites.

Victims were targeted and attacked indiscriminately. The blog post doesn’t name the compromised websites, but Beer says they were visited regularly, thousands of times a week.

According to Beer, Project Zero found five different exploit chains that leveraged 12 individual security flaws. Seven of those flaws were found in Safari, Apple’s built-in iPhone web browser.

Each of the attack chains allows the attacker to gain “root” access to the device. Root access is the highest level of access on an iPhone. Root access would allow a hacker to install malicious programs that would allow them to spy on an iPhone user without the user ever knowing they were being spied on.

Google claims attackers were using this exploit to steal photos, messages, stored passwords and even use the phone’s built-in GPS to physically locate a hacked individual while they use their phone.

Apple was notified by Project Zero back in February of this year. Apple patched the security flaws six days later with the release of iOS 12.1.4.

Beer says that while the patch seemed to be effective, it doesn’t mean that similar attacks aren’t currently underway. Apple recently launched a $1 million bounty program. The “award,” if you can call it that, will go to anyone who can find flaws that allow an attacker to gain root access.

If there’s more news to come, we’ll keep you posted. Otherwise, I think I’m in the market for a new phone. The one in the photo below looks promising…

 

[Photo: chatter phone]


Carl Keyser is the Content Manager at Integris.
