icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
30 Aug, 2019 16:12

‘Visiting hacked site was enough’: Google says it discovered major iPhone security exploits

‘Visiting hacked site was enough’: Google says it discovered major iPhone security exploits

Google’s cyber security team has disclosed what it said were critical vulnerabilities in the iPhone, potentially allowing hackers to access millions of devices over the last two years.

Days after an emergency security patch was rushed out for the latest iPhone operating system (iOS), Google’s Project Zero has claimed that previous iOS versions were susceptible to major intrusions, in some cases letting hackers install “monitoring implants” on devices to steal sensitive information.

Also on rt.com Bad credit: Apple warns its new titanium credit card could be damaged by … pretty much anything

The security researchers found that a “collection of hacked websites” were used to exploit fourteen different vulnerabilities on iPhones running on iOS versions 10 through 12.

“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” wrote Project Zero’s Ian Beer in a detailed blog post.

We estimate that these sites receive thousands of visitors per week.

Beer added that the team’s findings indicate that a group of hackers made a “sustained effort” to breach iPhones over a two year period.

The monitoring implants gave hackers the ability to access everything from images and messages stored on an affected device, apps like Gmail, WhatsApp and Instagram, and highly sensitive information like banking logins and other passwords, potentially leaving customers open to serious identity theft.

While Apple did eventually patch the holes in its iOS update 12.1.4, for years customers were vulnerable to the intrusions, which could still affect users on older devices, or who have not updated their software.

Apple has not yet weighed in on the disclosures.

Also on rt.com Google sued for ‘snooping on iPhone users’: Will 5.4mn Brits get compensation?

Apple is not the only tech firm struggling to protect users’ data. Google itself has come under fire over privacy issues. The company was taken to court in the United Kingdom in 2017 over allegations of illegal data collection that affected up to 5.4 million people, while the operating system on Google’s Android – a major iPhone competitor – was found to collect ten times more user data than Apple’s counterpart. The tech giant also agreed to shell out $22.5 million to the US Federal Trade Commission in 2012 over “misrepresented privacy assurances” to customers.

Also on rt.com Outcry after study shows Google’s Android collects ten times more data than Apple’s iOS

If you like this story, share it with a friend!

Podcasts
0:00
25:36
0:00
25:12