News

iPhones have been hacked by malicious sites for two years

Researchers from Google have discovered a number of malicious websites that have been used for at least two years to infiltrate iPhones.

On Thursday night, the analysts, who work at Project Zero (Google’s cyber security division), detailed their findings in a deep-dive technical blog.

Security research specialist Ian Beer wrote: “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”

Once the implant had infiltrated that particular iPhone, it was able to steal not only photos but also messages as well as GPS location data all in real-time.

The blog post did not reveal precisely how many of these malicious sites there were, but according to the researchers’ best estimates, each one of them received thousands of unsuspecting visitors every week.

The hacks started with iOS 10 and were only patched with iOS 12.

According to Beer, this is an indication that there had been a “sustained effort” to gain unauthorised access to iPhones over the last two years.

The websites in question used five different methods, also known as “exploit chains”, to get access to iPhones.

The research team discovered 14 vulnerabilities that could be exploited by these exploit chains.

No fewer than seven of them were discovered in Safari the default web browser on all new iPhones.

The researchers reportedly informed Apple about their discovery in February 2019.

They gave the Cupertino-based firm an unusually short seven days to fix the bugs.

Apple took up the challenge and, within six days, it released the necessary iOS 12 security update.

As far as security is concerned, Apple normally has quite a solid track record.

Last month, for example, it increased the amount of money that it is prepared to pay as a bug bounty (i.e. for software bugs discovered by security researchers) to $1m.

Tags

About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life, my first love was a Quadra 605 working with a small creative agency in the south of Norfolk UK in the mid 1990's, I later progressed to other roles in other Macintosh dominated industries, first as a Senior graphic designer at a small printing company and then a production manager at Guardian Media Group. As the publishing and printing sector wained I moved into Internet Marketing and in 2006 co-founded blurtit.com which grew to become one the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different business and start ups, my key skill set being online marketing, on page monetisation, landing page optimisation and traffic generation, if you would like to hire me or discuss your current project please reach out to me here.

You can also follow me on: and

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.