Google’s cybersecurity team has disclosed what it said were critical vulnerabilities in the iPhone, potentially allowing hackers to access millions of devices over the last two years.
Days after an emergency security patch was rushed out for the latest iPhone operating system (iOS), Google’s Project Zero has claimed that previous iOS versions were susceptible to major intrusions, in some cases letting hackers install “monitoring implants” on devices to steal sensitive information.
#Google Researchers Uncover 2-year #iPhone Hack Tied to Malicious Websites ⠀https://t.co/2x6C4UApNp ⠀#Apple #dataprivacy #dataprotection #infosec https://t.co/ZdorpU223m pic.twitter.com/U9WIbkSUez
— Neira Jones (@neirajones) August 31, 2019
The security researchers found that a “collection of hacked websites” were used to exploit fourteen different vulnerabilities on iPhones running on iOS versions 10 through 12.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” wrote Project Zero’s Ian Beer in a detailed blog post.
While Apple did eventually patch the holes in its iOS update 12.1.4, for years customers were vulnerable to the intrusions, which could still affect users on older devices
Beer added that the team’s findings indicate that a group of hackers made a “sustained effort” to breach iPhones over a two year period.
The monitoring implants gave hackers the ability to access everything from images and messages stored on an affected device, apps like Gmail, WhatsApp and Instagram, and highly sensitive information like banking logins and other passwords, potentially leaving customers open to serious identity theft.
https://twitter.com/vanuatutech/status/1167263304416260096
While Apple did eventually patch the holes in its iOS update 12.1.4, for years customers were vulnerable to the intrusions, which could still affect users on older devices, or who have not updated their software.
Apple has not yet weighed in on the disclosures.
Read more: Apple admits to slowing down older iPhones!
Apple is no the only tech firm struggling to protect users’ data. Google itself has come under fire over privacy issues. The company was taken to court in the United Kingdom in 2017 over allegations of illegal data collection that affected up to 5.4 million people, while the operating system on Google’s Android – a major iPhone competitor – was found to collect ten times more user data than Apple’s counterpart. The tech giant also agreed to shell out $22.5 million to the US Federal Trade Commission in 2012 over “misrepresented privacy assurances” to customers.
RT with additional input by GVS news desk