Tuesday, November 19, 2019

Share This

Google state: Hackers have put monitoring implants in iPhones for years

An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.

The operation, which lasted 30 months, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.

The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”. 

Beer is a security researcher at Project Zero, a team of white-hat hackers inside Google who work to find security vulnerabilities in popular tech, no matter who it is produced by. The team has become controversial for its hardline approach to disclosure: 90 days after it reports a bug to the victim, it will publish the details publicly, whether or not the bug has been fixed in that time.


Also see: Samsung Galaxy Note 10 Plus UK Review: It's Bigger and better

In total, 14 bugs were exploited for the iOS attack across five different “exploit chains” – strings of flaws linked together in such a way that a hacker can hop from bug to bug, increasing the severity of their attack each time.

“This was a failure case for the attacker,” Beer noted, since even though the campaign was dangerous, it was also discovered and disrupted. “For this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.

“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

Google said it had reported the security issues to Apple on 1 February. Apple then released an operating system update which fixed the flaws on 7 February.

Do you want to see more? Follow us on Facebook or Twitter.

Popular Articles

Nov.02

Entertainment

Call of Duty: Modern Warfare Review

It doesn’t take long for the guilt to set in. You’re holding a handgun in London’s Piccadilly Circus as terrorists run wild with assault rifles and flames bloom from a...

Oct.28

Tech News UK

Vodafone will be providing flying taxis and drones in Europe

Vodafone will provide 5G infrastructure across Europe for Ehang, the global autonomous aircraft firm.

Oct.25

Football

Leicester: Title Contenders Watch Out!

​​Leicester's 9-0 win over Southampton broke all sort of Premier League records but it's quite possible they could actual title challengers this season.

Oct.22

Tech News UK

MoD to invest £1.5bn on framework for digital and IT contractors

The Ministry of Defence is to set up a £1.5bn multi-year framework to address its need for external contractors in IT and digital roles.

Oct.28

Tech News UK

UK government plans new funding for robot development

The UK government has announced new funding for research around autonomous systems which will range from care robots to automated personal shoppers.

Oct.25

Football

Norwich Were Beaten to Signing of Daniel James by Man Utd

​Daniel Farke has revealed that Norwich were interested in signing Daniel James before the Welshman signed for Manchester United.

Oct.22

Tech News UK

UK Government boosts AI skills

The Department for Business, Energy & Industrial Strategy (BEIS) has announced funding to boost the national artificial intelligence (AI) skills base.

Oct.25

Entertainment

Amazon Echo Studio Review: Apple HomePod watch out!

The company’s existing smart speakers have proven their use, but the thought of one that delivers sound able to rival Apple’s HomePod is a truly tantalising prospect

Oct.26

Tech News UK

£8 billion invested in Birmingham UK digital hub

Why is Birmingham set to become a leading UK digital hub?

Oct.27

Football

Pep Guardiola Says Jack Grealish Is 'Too Expensive' for City

​Pep Guardiola was full of praise for the 'incredible' Jack Grealish after Man City swept aside Aston Villa on Saturday, but admitted that the Aston Villa midfielder was 'too expensive...

Nov.01

Football

10 of Man Utd's Greatest Premier League Goals

​Manchester United created history against Norwich City at Carrow Road when Scott McTominay, of all people, scored their 2,000th Premier League goal.

Oct.25

Football

Managers Who Could Take Over at Southampton

​If someone had told you on Friday afternoon that Leicester City would score more in their Premier League fixture at Southampton than New Zealand would in their rugby World Cup...

Nov.09

Football

Cristiano Ronaldo Denies Tax Evasion Claims: He Is Simply an Easy Target

​Juventus forward Cristiano Ronaldo complained to a judge that he's only at the centre of a tax evasion investigation because of who he is, rather than anything he's done.

Oct.21

Entertainment

Roku Premiere Review: Top 4K TV streaming

Roku has a reputation for making excellent TV streamers with a peerless library of apps, albeit at a higher cost than rivals from Google and Amazon.

Oct.24

Tech News UK

Blackburn council look to business intelligence for transformation

Blackburn Council is looking to explore the use of business intelligence to make the most of the data at its disposal.

Popular

Entertainment

Amazon Echo Studio Review: Apple HomePod watch out!

The company’s existing smart speakers have proven their use, but the thought of one that delivers sound able to rival Apple’s HomePod is a truly tantalising prospect

By Peter Flynn - Oct.25

Football

Jürgen Klopp Wants Football Authorities to Put Player Welfare 'Before Money'

Liverpool manager Jürgen Klopp has called on FIFA, UEFA, the FA and the rest of football's leading authorities to come together and come up with a solution to the hectic...

By Peter Flynn - Nov.02

Tech News UK

MoD to invest £1.5bn on framework for digital and IT contractors

The Ministry of Defence is to set up a £1.5bn multi-year framework to address its need for external contractors in IT and digital roles.

By Peter Flynn - Oct.22

Football

Newcastle To Sell for £300m by the End of the Year

Peter Kenyon is aiming to complete a £300m takeover of Newcastle United by the end of this year.

By Connor Stevens - Oct.28

Log in or Sign up