Thousands of iPhones attacked just by visiting hacked websites
A report from Google confirms that thousands of iPhones were potentially infected with malware after visiting compromised websites in an unprecedented hacking effort.
According to a new report, websites attacked iPhones for years on an unprecedented scale.
This week, Vice reported that hacked websites have been delivering attacks aimed at infiltrating iPhones. Researchers at Google uncovered the malware attacks, and believe they may mark one of the biggest assaults against iPhone users ever.
There were no specific targets of the hack, which is unusual. It was previously thought that iOS hacking was an expensive and precise endeavor, often handled by nation-states, not rogue hackers.
But in this case, users could be attacked simply because they visited a particular website. In a blog post, Ian Beer of Google’s Project Zero writes, “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”
Once the exploit was found, hackers could then deploy malware onto phones. Beer’s team found that this malware “is primarily focused on stealing files and uploading live location data.” The malware targeted user keychains, where passwords and encrypted messaging data, such as that used by WhatsApp and iMessage, are stored. Once deployed, data was being uploaded from phones as frequently as once a minute.
Google’s Threat Analysis Group found five iPhone exploit chains — functionally maps of vulnerabilities — that affected iOS 10 through iOS 12. This means that the hacking effort lasted for at least two years.
The scope of this attack is of particular interest to the tech community because it demonstrates that iPhone hacking is cheaper and easier than was previously thought. In Wired’s reporting on the issue, experts concede that hacking that was once thought to be expensive, targeted, and often state-sponsored, was deployed on a mass scale in this instance.
This attack will likely send shockwaves through the tech security industry, as it is already being talked about as a “wake-up call.”
In its report, Google declined to name the websites that acted as a “watering hole” to spread the malware.
The good news? The vulnerabilities were fixed with the release of iOS 12.1.4 on February 9, 2019.
Brenden Gallagher is a politics reporter and cultural commentator. His work has been published by Motherboard, Complex, and VH1. He’s the co-founder of Beer Money Films, an indie production company. Based in Los Angeles, he works in television drama as a writers assistant.