Reuters
FILE PHOTO: A attendee uses a new iPhone X during a presentation for the media in Beijing
- Researchers at Google's cybersecurity division Project Zero discovered a handful of websites that were being used to hack iPhones.
- Once visited, the websites would plant a "monitoring implant" on the device, which could then steal messages, photos, and real-time GPS location data.
- The hacks spanned iOS 10 through 12, which Project Zero said indicates they took place over the course of two years.
- Visit Business Insider's homepage for more stories.
Google researchers found a handful of hacked websites that were being quietly used to infiltrate iPhones for at least the last two years.
Analysts at Google's cybersecurity division Project Zero published a deep-dive technical blog Thursday night detailing their findings.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More "There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," security researcher Ian Beer wrote in the blog. Once inside the iPhone, this implant was able to steal messages, photos, and GPS location data in real-time.
Although the blog post didn't say exactly how many of these websites they were, the researchers estimated each one received thousands of visitors a week. The hacks spanned iOS 10 through 12, which Beer said indicated a "sustained effort" to hack iPhones over a period of two years.
Read more: Apple accidentally reopened a security flaw that makes the iPhone vulnerable to hackers
The websites gained access to the iPhones through five different methods or "exploit chains." The researchers found 14 separate vulnerabilities which made these exploit chains possible. Seven of these vulnerabilities were found in Safari, iPhones' default web browser.
The researchers told Apple about their findings in February, and gave the company a seven-day deadline to fix the vulnerabilities. Six days later, Apple updated the security on iOS 12. Google gave Apple a much tighter deadline than is usual in security disclosure, which the norm being 90 days to patch issues.
Generally Apple has a strong reputation when it comes to security, and earlier this month the company upped the amount of money it's willing to shell out for bug bounties - vulnerabilities found by security researchers - to $1 million.
Apple declined to comment when contacted by Business Insider.
Next Story
A centenarian who starts her day with gentle exercise and loves walks shares 5 longevity tips, including staying single 
A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
FSSAI in process of collecting pan-India samples of Nestle's Cerelac baby cereals: CEO
India's e-commerce market set to skyrocket as the country's digital economy surges to USD 1 Trillion by 2030
Top 5 places to visit near Rishikesh
Indian economy remains in bright spot: Ministry of Finance
A surprise visit: Tesla CEO Elon Musk heads to China after deferring India visit
Unemployment among Indian youth is high, but it is transient: RBI MPC member
