- Father of mega-popular Ace Family YouTube channel accused of rape 2 Months Ago
- This Italian town ‘banned’ Google Maps after people kept getting lost 2 Months Ago
- Fornite emerges from black hole with Chapter 2 2 Months Ago
- Everything Google announced at today’s Pixel event 2 Months Ago
- Netflix sued over line about interrogation technique in ‘When They See Us’ Today 12:52 PM
- Twitch streamer says racist trolls got her banned for ‘suggestive’ outfit Today 12:47 PM
- Everything you need to know about Google’s new Pixel phones Today 12:47 PM
- ‘Portrait of a Lady on Fire’ is a transcendent, lesbian period romance Today 12:32 PM
- Where to stream ‘Zombieland’ before ‘Double Tap’ comes out Today 12:04 PM
- ‘Deadpool’ screenwriter says that Disney sequel will still be R-rated Today 11:45 AM
- #DeleteFacebook trends amid report of Zuckerberg meeting with prominent conservatives Today 11:45 AM
- The Pixelbook Go is Google’s first attempt at a mid-range Chromebook Today 11:33 AM
- All the games coming to Google Stadia Today 10:49 AM
- Google just announced a line of Nest-branded smart home products Today 10:36 AM
- ‘Fake news’ is helping conspiracy theorists deny Turkish atrocities Today 10:15 AM
Thousands of iPhones attacked just by visiting hacked websites
A report from Google confirms that thousands of iPhones were potentially infected with malware after visiting compromised websites in an unprecedented hacking effort.
Tiko Aramyan/Shutterstock (Licensed)
According to a new report, websites attacked iPhones for years on an unprecedented scale.
This week, Vice reported that hacked websites have been delivering attacks aimed at infiltrating iPhones. Researchers at Google uncovered the malware attacks, and believe they may mark one of the biggest assaults against iPhone users ever.
There were no specific targets of the hack, which is unusual. It was previously thought that iOS hacking was an expensive and precise endeavor, often handled by nation-states, not rogue hackers.
But in this case, users could be attacked simply because they visited a particular website. In a blog post, Ian Beer of Google’s Project Zero writes, “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”
Once the exploit was found, hackers could then deploy malware onto phones. Beer’s team found that this malware “is primarily focused on stealing files and uploading live location data.” The malware targeted user keychains, where passwords and encrypted messaging data, such as that used by WhatsApp and iMessage, are stored. Once deployed, data was being uploaded from phones as frequently as once a minute.
Google’s Threat Analysis Group found five iPhone exploit chains — functionally maps of vulnerabilities — that affected iOS 10 through iOS 12. This means that the hacking effort lasted for at least two years.
The scope of this attack is of particular interest to the tech community because it demonstrates that iPhone hacking is cheaper and easier than was previously thought. In Wired‘s reporting on the issue, experts concede that hacking that was once thought to be expensive, targeted, and often state-sponsored, was deployed on a mass scale in this instance.
This attack will likely send shockwaves through the tech security industry, as it already being talked about as a “wake-up call.”
In its report, Google declined to name the websites that acted as a “watering hole” to spread the malware.
The good news? The vulnerabilities were fixed with the release of iOS 12.1.4 on February 9, 2019.
Brenden Gallagher is a politics reporter and cultural commentator. His work has been published by Motherboard, Complex, and VH1. He’s the co-founder of Beer Money Films, an indie production company. Based in Los Angeles, he works in television drama as a writers assistant.