Google finds 'iOS exploit chains' that have been hacking iPhones for years
Aug 30, 2019, 11:46 IST
Advertisement
- iPhones are publicly perceived to be impretable against hacks.
- Google's Project Zero has found that this may not hold.
- Security researchers were able to find 12 vulnerabilities in Apple's operating systems, including seven on iPhone's inbuilt browser, Safari.
The attacks were 'indiscriminate' and 'sustained efforts' to hack into iPhones. Google's Threat Analysis Group was able to find fourteen vulnerabilities across five exploit chains.
Seven of these vulnerabilities were on the iPhone's in-built browser, Safari.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
These 'exploit chains' allowed the hackers to gain root access, which is basically the highest level of access that one can attain for an Apple iPhone. It also means that they have significant control over the device like being able to install malicious apps without the victim ever finding out.
What was at risk?
Advertisement
It's not about the money
Google told Apple about the vulnerabilities in their system back in February, giving them a week to fix the problem. It was affecting all iPhones from iOS 10 to iOS 12.
And, sure enough, Apple rolled out the iOS 12.1.4 to patch up the holes in its security within six days.
"I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time," stated Ian Beer, the security researcher at Project Zero who found the vulnerabilities.
No phone is totally secure
Advertisement
Even though Apple has fixed the flaws found by Google, it doesn't mean that the iPhone is completely foolproof. "The reality remains that security protections will never eliminate the risk of attack if you're being targeted," said Beer.He advises users to treat their mobile devices with caution.
"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them," Beer explains.
See also:
Apple accidentally reopened a security flaw that makes the iPhone vulnerable to hackers
Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack
Advertisement
Can iPhones get viruses? Here's what you need to know