Anticipated as one of the most significant attacks on Apple users. Google researchers have recently found multiple hacked websites that were spreading malicious attacks to infect and hack iPhones.

As per Google, these websites are believed to be operational from the year, were visited thousands of times by users. There is no targeted discrimination and a mere visit to the hacked website is enough to infect the device.

Ian Beer, from “Google Project Zero”, stated that these sites have close to a thousand + visitors per week.

Some of these attacks are also being termed as Zero-Day attacks as they take advantage of security loopholes and system vulnerabilities. Moreover, it is relatively hard to fix such Zero-Day assaults because of the vast disparity in the different types of system loopholes. Finding a fix for such a massive range of vulnerabilities is quite an impossible task

In comparison to Android devices, Apple hacks are relatively tricky and quite expensive, and a full exploit chain can cost up to $3 million. This included all possible system vulnerabilities including browser, OS, kernel, and other parts, to get away from an application sandbox, which is designed to run code inside the phone.

TAG (Google’s Threat Analysis Group) was able to get their hands over 5 different iPhone exploit chains, containing approximately 14 types of system vulnerabilities, wrote Beer. He also cited, that these exploits targeted various iOS versions, including iOS 10 and 12 latest versions.

A successful exploit makes it easy to leave the malware on the device. Beer, further stated that the implant primarily focuses on uploading live location details and stealing essential files. This implant can also access the user’s keychain, which generally contains private credentials. Furthermore, it can also access an encrypted messaging database of various apps like iMessage, WhatsApp, etc.

The good news here is that the implant is not persistent, which means you can easily remove it by rebooting your device. But unfortunately, even a single infection is enough to steal your sensitive information.

Beer further stated that, in light of the stolen information and authentication tokens, the attackers will still be able to access various accounts even if they lose control over the device post-reboot.

Unlike old attacks which were spread through text messages, infected links, phishing emails, this attack seems to be highly broad in scope.

According to Beer, the group is making a continuous effort to hack multiple iPhone devices over the last 2 years.

Next articleYouTube To Roll Out Separate Web page for Youngsters
Avatar photo
lori is a whiz with technology. He knows all about the latest gadgets and devices, and is always up-to-date on the latest trends in the tech world. He's always happy to share his knowledge with others, and loves helping people learn about new technology. lori is passionate about his work, and takes great pride in being an expert in his field.


Please enter your comment!
Please enter your name here