According to Google, iPhone users have been exposed to hacking activities for years now. THeir researchers have uncovered this disturbing information when they found some websites delivering attacks designed to precisely hack iPhones.
Google delivered the news that no Iphone users would want to hear. According to the tech giant, certain websites exist to deliver malware to iPhones indiscriminately.
Not only do these websites exist, they are also those frequently visited over thousands of times in a week and are now operational for years, as reported by Vice. One can only imagine the number of iPhones now hacked because the users did not know that they are visiting some malicious sites.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant, Ian Beer of Google's Project Zero explained in a blog. "We estimate that these sites receive thousands of visitors per week," Beer added.
SOme of the attacks utilized "zero-day exploits," Google explained. Such exploits are those done by taking advantage of a vulnerability that Apple is not aware of in the first place. Tis makes the affected company or Apple have no days to find a fix. Zero day attacks are often done for hacking phones or computers, because the company does not know any better about the existence of certain vulnerabilities and have not prepared any possible fixes.
Google further explained that these discoveries are truly bothering because considering how hard iPhones are to hack, the company was still able to find around five different kinds of iPhone exploit chains linked to 14 different kinds of vulnerables, majority of them unknown to Apple.
Users should really feel threatened because once an attack has successfully hacked an iPhone, malware can start infecting the device and gather sensitive information. "The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds," Beer warned.
Passwords stored in the phone's keychain can be compromised as well. The solution is easy, because the implant does not have persistence. if the iPhone will be rebooted, the malware can vanish. And yet, by the time, it might be too late. One infection can already steal a boatload of sensitive information.
Even if the malware is removed, stolen information can already be used by jackers to further ruin the user's life. With the information they stole, hackers will be "able to maintain persistent access to various accounts and services," despite losing access to the device already, Beer said. He also said that such attacks might have been happening for two years already.
