On August 29th, Project Zero, Google’s Threat Analysis Group revealed that malicious websites had been covertly and successfully hacking iPhones for years. The report stated the hacked sites were being used in indiscriminate watering hole attacks against their visitors.
The report stated, “there was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”
In other words, an infected iPhone will be able to monitor live location data, be used to grab photos, contacts, passwords and other sensitive information. Attackers could also potentially read and listen to communication on messaging services like Whatsapp.
What’s more alarming is that victims would have no indication that their devices were compromised.
Now, this revelation of the vulnerability to IOS comes indeed as a shock to the world. Simply because of Apple’s tightly controlled software ecosystem that ensures nothing goes on an iPhone without being approved by Apple.
Which is why, following this revelation by Project Zero, Apple released a statement calling for calm and also claiming Google’s exposé as generating fear and creating a false impression.
According to the statement, Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real-time,” stoking fear amongst all iPhone users that their devices had been compromised.
As Apple puts it, this was never the case as they were already in the process of fixing the exploited bugs. Apple claims that the website attacks were only operational for a brief period of around two months and not “two years” as implied by Google. And they end their statement by ensuring customers that security is always a top priority.
Whatever it may be, security in mobile devices continues to be a growing concern, on Android and IOS. Cybercriminals are finding new methods to exploit our devices and are seeing some success despite the many cybersecurity and protective software we have on our devices. There are endless vulnerabilities. But at the same time, we are also ever more so dependent on our mobile devices today than ever before.
This isn’t the first time Apple is facing problems with cybersecurity. Just a couple of months ago, it was revealed that iPhones can be hacked from a text message. Before that, there was also the FaceTime bug which affected thousands further proving that vulnerabilities in our devices need closer inspection to strengthen security.
Apple needs to prove that their devices are well-protected and constantly monitored. With iPhone sales slowing down, the last thing Apple needs is another big security issue like this to jeopardise their customer trust and loyalty.