On Friday, Google announced that it is more than two years that hackers have exploited a vulnerability in iPhone devices’ operating systems by using a spyware.
As reported by Ian Beer of Project Zero, a team of Google security analysts that investigates cybercrime, there are targeted websites that when iPhone users visit them, the hackers attack their devices and install malware on them.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week,” Beer mentioned in a blog post.
According to Project Zero researchers, in this way, hackers could access Apple users’ data and steal all their information, as well as messages sent through iMessage, WhatsApp, Gmail and Google Hangouts. He also mentioned that almost every version of Apple’s iPhone operating system have been vulnerable.
Old bugs which bring new hack
The security bugs which have been identified by Beer, are not new.
“Ian shows this is the first time these types of vulnerabilities have been used out on the wide internet, where if the malicious code was present on a certain website that was accessed, the unsuspecting user would be infected, and remain blissfully ignorant of it,” said operating system internals researcher Jonathan Levin.
“It requires a lot of research, and there has to be an endgame motive for this,” he told CBS MoneyWatch. “It’s possible that those behind the hack targeted a specific demographic or interest groups.”
“My personal hunch, because of the level of proficiency and efficacy of the exploits, is that this is not the work of your average hacker,” he added.
Beer also mentioned that “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Even Android Is No More Safe
Though Beer has mentioned some of the iPhone’s vulnerabilities, this does not mean that Google’s Android operating system is safer, Levin said.
“The takeaway shouldn’t be, ‘I’m going to use Android from now on because it’s more secure.’ That’s far from it,” he said. “Similar and/or possibly worse bugs exist in Android and other operating systems as well. Google Project Zero simply chose to highlight iOS this time.”
Apple claims to be the most secure operating system, and for good reason. “Apple genuinely invests extreme efforts in securing iOS on multiple layers, down to their proprietary hardware, and in some aspects are still way ahead of Android,” Levin said.