- Google warns 1 billion Apple users they may have been attacked.
- The warning came the very day the iPhone 11 launch was confirmed.
- The details of the websites concerned have not been disclosed.
Apple’s security vulnerabilities are in the news headlines all over again. Days after its highly publicized emergency iPhone patch, Google’s security researchers have published a new “website hack” warning that is a hammer blow to the locked-down security reputation of the Cupertino tech giant.
Worse, the warning came the very day the iPhone 11 launch was confirmed. And according to the security warnings, this one is very serious.
According to the reports, Google’s Project Zero team has disclosed that a number of “hacked websites” have been used to attack iPhones for two years.
And each and every up-to-date iPhone has been vulnerable. The researchers’ report said, “there was no target discrimination”. Adding to the statement, they said, “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”
Although the details of the websites concerned have not been disclosed, the clear implication in the disclosure is that they may have targeted a particular geographic or demographic group. And that, along with the clear sophistication of the attack, points in the direction of a nation-state-sponsored threat actor.
The sources say that the nature of the attack also dispels the belief that iPhones are not susceptible to serious, indiscriminate security breaches. Also, this is not the type of targeted attack we have seen from government agencies.
This was an attack that only required a device to visit and load a hacked webpage. The issues were not fixed until iOS update 12.1.4.
The Company Says
According to Google’s research team, they were able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. And this indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
This disclosure is extraordinary: the malicious websites were in operation for at least two years, and every iPhone running iOS through iOS 12 was vulnerable to attack. In reality, that means pretty much every iPhone was vulnerable that entire time.
According to the company, there were multiple “exploit chains” in place, designed to attack multiple “security flaws.” In doing so, the attackers were able to get highly privileged access to core parts of the iPhone operating system, which enabled malware to be installed and user data to be accessed.
Zack Whittaker tweeted hours ago, “New: Google security researchers say they have found a number of malicious websites that can silently hack an iPhone simply by visiting it. Thousands were hacked every week.”
Nicholas Thompson tweeted, “Here are the details on the biggest iPhone hack ever. And the crazy thing: it was probably a nation-state trying to spy on its citizens.”