Google has warned that at an alarming rates websites have been found to be able to hack many Iphones just by users visiting these sites. Google’s Project Zero security researchers have said that they found several hacked websites that slipped malware onto user’s Iphones for years.
The situation is such that when users visited these sites their personal data such as photos, locations and even messages could be compromised.
The team reported its findings to Apple earlier this year, and the vulnerability was patched in the same update that fixed the FaceTime eavesdropping bug.
Though with a track record of minor vulnerabilities and much secured mobiles, Apple has offered up to 1 million dollars to any security researchers who can find security vulnerabilities on its devices. It is still unclear as to who has carried out such attacks on the tech giants making users open to attacks on a single visit.
In a blog post on Thursday detailing the team’s findings, Ian Beer with Project Zero said “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”
The security issue ran from iOS 10 to the current version, iOS 12, meaning the hackers targeted Iphone users over at least two years.
When Google disclosed the vulnerability to Apple in February, the company issued a patch less than a week later.
Such attacks makes the phone open to hackers allowing them manipulate and install malicious apps, get location data and steal photos and messages, even if they’re encrypted. The malware even has the potential to get contents of messages before they were encrypted, Google researchers said.
The implant could access the device’s private info, which includes passwords and database files used by end-to-end encrypted messaging apps like WhatsApp, Telegram and iMessage.
As regards its function, iOS doesn’t allow for malware scans, and it’s possible that contributed to the hack being hidden for so long, security researchers have said. The feature of iOS, intended to keep devices secured, may have worked against it in this case by preventing the attack from being discovered.
To prevent vulnerability, users are strongly encouraged to make sure their Iphone devices are completely updated to avoid attacks.
- Twitter: Our Policy Does Not Give Free Rein to Political Figures. - October 17, 2019
- Google Set To Launch Pixel 4 and Pixel 4 XL on 15th Oct. 2019 - October 16, 2019
- A Nigerian Developer Won $10k Prize on a Startup Innovation Competition - October 13, 2019