Google Discovered a ‘Web Exploit’ That Has Hacked iPhones for Years

Google Security Researchers claimed: “iPhone could have been hacked and spied for several years with a malware. Attackers had complete virtual control over devices and were able to access photos, passwords, chats, and other user data.”

Biggest iPhone Attacks Ever

Apple is back on headlines, for its security flaws. Google’s Zero Project Team, to investigate all the possible zero-day security failures of digital devices, has revealed a series of iPhone security holes, allowing malware strain. Since then, no one has ever noticed the issue and the team described it as “one of the biggest iPhone attacks ever”.

Thousands of pirated websites have been used to suck iPhone users’ information for years (at least two years) and every updated iPhone was vulnerable. These pirated sites, slip malware within iPhones quietly even without notifying anything to its users and a simple visit to the pirated site was very enough to exploit and attack the device. This attack was targeted indiscriminately, regardless of the region or country.

Ian Beer, a security researcher at Zero Project stated, “We’ve discovered exploits for a total of 14 vulnerabilities in 5 chains: 7 for the iPhone web browser, 5 for the kernel and the sandbox. When one exploit chain rendered useless by the Apple patch, the hackers were quickly implementing the next one.”

According to Ian Beer, Google’s instant messaging, Gmail, and Hangout were also affected, which provided details of how the malware has targeted and exploited the vulnerabilities of the iPhone. The Zero Project Team, tested almost every operating system and most of the security holes were found in the default Safari web browser.

Main Highlights

• The malware was stealing passwords, encrypted messages, photos, contacts, and live geolocation
• Attackers behind the iPhone hacking campaign are still unidentified
• If you’ve updated your iPhone recently or if you update it often, then you’re protected

Infected Websites Hacked Millions of iPhones Since 2 Years

The malicious websites were operating for the last two years and every iOS from v10 to 12 was vulnerable to attacks. Researchers discovered 5 different attack chains and said, once an iPhone gets hacked, it could be a spy on the target and attackers could access all the private information such as Photos, GPS, iMessages, etc.

Once the malware embedded with the iPhone, it captures all the user data including live geolocation and transmits it to the attackers every minute. iPhone users wouldn’t even know that their device is being hacked because the malware runs in the background without any indicator and there’s no another way to identify if some process is running behind the device.

Who’s Behind All This?

Well, this question is still unclear and the experts of Zero Project made no assumptions concerning this. But, aimless attackers behind multiple infected websites is quite unusual, said experts without disclosing more precise information. So, it seems like neither Google nor Apple has any accounting of victims but, there might be other clues.

What Apple Did Next?

Since Google has given a week to Apple to resolve all the revealed flaws so, after 6 days, the company released a patch available on iOS 12.1.4 for iPhone 5S and iPad later models. After rebooting, iPhone wiped the malware. Apple has patched all the security holes in different updates including iOS 12.1.4 that fixed the FaceTime listening error and other security issues discovered by Google’s Zero Team.

Eventually, if you are an iPhone user, we recommend you to check if you are using the most up-to-date iOS version or not. The latest updated version of iOS is 12.4.1.