Google finds 'iOS exploit chains' that have been hacking iPhones for years

Google finds 'iOS exploit chains' that have been hacking iPhones for years
Apple trolled Google with a massive billboard at CES 2019 Business Insider

  • iPhones are publicly perceived to be impretable against hacks.
  • Google's Project Zero has found that this may not hold.
  • Security researchers were able to find 12 vulnerabilities in Apple's operating systems, including seven on iPhone's inbuilt browser, Safari.
Apple's iPhones might not be as safe as everyone thinks they are. In fact, malicious websites have been hacking into iPhones for at least two years according to security researchers with Google's Project Zero.

The attacks were 'indiscriminate' and 'sustained efforts' to hack into iPhones. Google's Threat Analysis Group was able to find fourteen vulnerabilities across five exploit chains.

Seven of these vulnerabilities were on the iPhone's in-built browser, Safari.

These 'exploit chains' allowed the hackers to gain root access, which is basically the highest level of access that one can attain for an Apple iPhone. It also means that they have significant control over the device like being able to install malicious apps without the victim ever finding out.

What was at risk?

According to Google's analysis, the flaws in Apple's operating systems were used to steal user images, messages, and track their real-time location. Hackers also had the ability to access bank passwords and pins saved on the device.


It's not about the money

Google told Apple about the vulnerabilities in their system back in February, giving them a week to fix the problem. It was affecting all iPhones from iOS 10 to iOS 12.

And, sure enough, Apple rolled out the iOS 12.1.4 to patch up the holes in its security within six days.

"I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time," stated Ian Beer, the security researcher at Project Zero who found the vulnerabilities.

No phone is totally secure

Even though Apple has fixed the flaws found by Google, it doesn't mean that the iPhone is completely foolproof. "The reality remains that security protections will never eliminate the risk of attack if you're being targeted," said Beer.

He advises users to treat their mobile devices with caution.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them," Beer explains.

See also:
Apple accidentally reopened a security flaw that makes the iPhone vulnerable to hackers

Apple is offering a $1 million reward to anyone who can pull off this specific iPhone hack

Can iPhones get viruses? Here's what you need to know