Monday, September 23, 2019

Share This

Google state: Hackers have put monitoring implants in iPhones for years

An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.

The operation, which lasted 30 months, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.

The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”. 

Beer is a security researcher at Project Zero, a team of white-hat hackers inside Google who work to find security vulnerabilities in popular tech, no matter who it is produced by. The team has become controversial for its hardline approach to disclosure: 90 days after it reports a bug to the victim, it will publish the details publicly, whether or not the bug has been fixed in that time.


Also see: Samsung Galaxy Note 10 Plus UK Review: It's Bigger and better

In total, 14 bugs were exploited for the iOS attack across five different “exploit chains” – strings of flaws linked together in such a way that a hacker can hop from bug to bug, increasing the severity of their attack each time.

“This was a failure case for the attacker,” Beer noted, since even though the campaign was dangerous, it was also discovered and disrupted. “For this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.

“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

Google said it had reported the security issues to Apple on 1 February. Apple then released an operating system update which fixed the flaws on 7 February.

Do you want to see more? Follow us on Facebook or Twitter.

Popular Articles

Aug.29

Tech News UK

How to watch BBC iPlayer on iPhone, iPad or Mac while abroad

Want to watch BBC iPlayer abroad? If you're on holiday outside the UK you'll run into trouble accessing the BBC's online streaming service, but here we show you how to...

Aug.31

Tech News UK

Google state: Hackers have put monitoring implants in iPhones for years

An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.

Aug.30

Football

Cristiano Ronaldo Says He'd Like to Have Dinner With Lionel Messi in Joint Interview

​Juventus superstar Cristiano Ronaldo has revealed he would like to one day sit down and have dinner with great on-field rival Lionel Messi, with the pair appearing to be very...

Aug.29

Tech Reviews

Samsung Galaxy Note 10 Plus UK Review: It's Bigger and better

The regular Galaxy Note 10 may be little more than a warm-up act,  but the Note 10 Plus is where you’ll find all the extra goodies. Just don’t come crying...

Sep.01

Football

Chelsea Plans to Discuss Racist Abuse With Social Media Sites

​Chelsea boss Frank Lampard has revealed that the Blues are planning to have talks with social media companies to tackle and crackdown on racist abuse, with Kurt Zouma targeted this...

Sep.05

Tech Reviews

Top 10 Top Budget Android Camera Phones For Photography Under £300

If you're looking for a budget smartphone with good camera performance, then see our highly recommended choices below.

Aug.24

Football

Liverpool Boss Jurgen Klopp Talks About Expectations to Fringe Players

​Liverpool manager Jurgen Klopp expects fringe players like Xherdan Shaqiri and Adam Lallana to take their opportunities when they are called upon.

Sep.03

Tech News UK

Kings Cross Facial Recognition Cameras Thankfully Shut Down

The private firm that developed and managed the 67-acre King’s Cross area, has confirmed that it is no longer using facial recognition cameras, we are glad to say.

Sep.12

Tech News UK

5G now live at Gatwick Airport

Gatwick Airport 5G has gone live at the airport’s South Terminal after Vodafone completed the installation of hundreds of kilometres of fibre.

Aug.31

Tech News UK

Twitter CEO Account Hacked, Offensive Content

Twitter themselves said on Friday the account of chief executive Jack Dorsey had been "compromised" after a series of erratic and offensive messages were posted.

Aug.29

Football

Number 7s At Man United Hardly Score Any Premier League Goals Since Ronaldo

​Manchester United are about to bid farewell, temporarily at least, to a fifth number seven in ten years when Alexis Sanchez joins Inter on a season-long loan before 2nd September.

Aug.31

Automotive

The new Land Rover Defender pic, well just the grille

With the reveal of the new Land Rover Defender imminent, Land Rover are still teasing, despite the new Defender already seen undisguised.

Aug.31

Automotive

10th ever Jaguar E-Type 4.2 found in Gloucestershire

The 10th ever Jaguar E-Type Series 1 4.2 Coupe has been brought back to better than new after languishing for three decades in a field in Gloucestershire.

Aug.28

Automotive

New BMW X6 Vantablack revealed at Frankfurt show

The new BMW X6 will be at the Frankfurt Motor Show resplendent in a ‘Vantablack’ paintwork, BMW announces on the day the Mercedes GLE Coupe is revealed.

Aug.31

Football

Champions League Grading the Difficulty For Each Premier Leagues First Match

​The draw for the 2019/20 Champions League group stages was made on Thursday, with some of Europe's best sides set to face off in the pools.

Popular

Tech Reviews

The Twelve South StayGo USB-C Hub UK Review: Very well built

In a world of homogenised, dime-a-dozen products, standing out from the crowd is difficult to do. In the computer and tech world, I’m thinking about computer mice, standard keyboards, hard...

By Martin Lucas - Aug.16

Football

Chelsea Plans to Discuss Racist Abuse With Social Media Sites

​Chelsea boss Frank Lampard has revealed that the Blues are planning to have talks with social media companies to tackle and crackdown on racist abuse, with Kurt Zouma targeted this...

By Peter Flynn - Sep.01

Football

Champions League Grading the Difficulty For Each Premier Leagues First Match

​The draw for the 2019/20 Champions League group stages was made on Thursday, with some of Europe's best sides set to face off in the pools.

By Peter Flynn - Aug.31

Tech Reviews

Sony WF-1000XM3 UK Review: Excellent set of buds

Sony’s true wireless WF-1000XM3 earbuds offer both noise cancelling and top-end sound quality while undercutting premium rivals on price.

By Martin Lucas - Aug.23

Log in or Sign up