Google Exposes 14 Long-Hidden Exploits in Unhackable iPhone – CCN Markets
Google’s Project Zero team revealed 14 iPhone security flaws hackers have secretly exploited for two years, questioning whether Apple’s device is really so “unhackable” as has long been claimed.
Thousands of iPhone owners at risk?
According to the series of blog posts published by Google’s zero-day security analyst team, the attackers indiscriminately used watering hole attacks against iPhone users, installing monitoring implants to devices which have visited websites infected by the hackers.
Google researchers estimate that the infected sites receive thousands of visitors every week.
According to one blog post, the 14 vulnerabilities were a part of five unique iPhone exploit chains that covered almost every version of Apple’s mobile operating system from iOS 10 to the latest version of iOS 12, indicating that the hackers were working hard to exploit the security flaws.
Half of the iPhone vulnerabilities were discovered in Apple’s Safari browser, five in the kernel, and hackers also used two separate sandbox escapes to access data outside the permissions of an app or a process.
Apple users risk leaking sensitive information
The hackers have launched one of the most comprehensive attacks ever deployed against iPhone users.
What proves this best is the broad access of the monitoring implant, which could acquire location data, photos, contacts, and sensitive information like passwords from the iOS Keychain after successful installation.
The attack had such deep access to iPhone systems that hackers could even read or eavesdrop the messages of victims on encrypted communications services like WhatsApp or iMessage.
There’s also a chance that the attackers have acquired access tokens from the Apple victims, which they could use to log into social media and communications accounts.
Google reveals that Apple iPhones are not unhackable
The new Google research highlights that the iPhone is not the unhackable mobile device Apple has dreamed of – despite the company’s previous claims on the smartphones being hacker-proof.
The ability to hack iPhones became a hot topic after the US Department of Justice (DOJ) sued Apple for refusing to help the FBI to hack a device owned by an ISIS terrorist.
Later on, the agency managed to break into the terrorist’s iPhone with the help of a third-party and released an extensively redacted document, revealing almost nothing about the methods they used to hack the device.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.