Google reveals years-long 'indiscriminate' iPhone hack

Google security experts uncovered an "indiscriminate" hacking operation that targeted iPhones over a period of at least two years and used websites to implant malicious software to access photos, user locations and other data.

In a post on Thursday on the blog of Google's Project Zero security taskforce, cyber experts did not name the hacked websites hosting the attacks, but estimated they received thousands of visitors a week.

    "Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," said Project Zero's Ian Beer.

    Once installed, the malicious software "primarily focused on stealing files and uploading live location data," Beer said, adding it had been able to access encrypted messenger apps like Telegram, WhatsApp and iMessage.

    Google hangouts and Gmail had also been affected, he added in the post, which provided a detailed breakdown of how the malicious software targeted and exploited iPhone vulnerabilities.

    Safari web browser 

    Most of the vulnerabilities targeted were found in the iPhone's default Safari web browser, Beer said, adding that the Project Zero team had discovered them in almost every operating system from iOS 10 through to the current iOS 12 version.

    Once embedded in a user's iPhone, the malicious software sent back stolen data, including live user location data back to a "command and control server" every 60 seconds.

    Beer said Google had informed Apple of the attacks in February, and Apple subsequently released a security patch for the iOS 12.1.

    Long the driver of Apple's money-making machine, iPhone revenue overall was down 12% from last year to $26bn.

    The tech giant sent out invitations on Thursday to a September event at its Silicon Valley campus where it is expected to unveil a new-generation iPhone.

    We live in a world where facts and fiction get blurred
    In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
    Subscribe to News24
    Rand - Dollar
    16.97
    +1.2%
    Rand - Pound
    20.36
    +0.8%
    Rand - Euro
    17.60
    +0.9%
    Rand - Aus dollar
    11.43
    -0.1%
    Rand - Yen
    0.12
    +0.5%
    Gold
    1,755.22
    +0.8%
    Silver
    21.29
    +1.7%
    Palladium
    1,865.00
    +0.9%
    Platinum
    1,002.50
    +1.0%
    Brent Crude
    83.19
    -0.5%
    Top 40
    67,015
    +0.0%
    All Share
    73,345
    -0.0%
    Resource 10
    71,622
    +1.2%
    Industrial 25
    88,258
    -0.1%
    Financial 15
    16,187
    -1.2%
    All JSE data delayed by at least 15 minutes Iress logo
    Company Snapshot
    Editorial feedback and complaints

    Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

    LEARN MORE
    Government tenders

    Find public sector tender opportunities in South Africa here.

    Government tenders
    This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
    Browse tenders