Hackers harvested private photographs and data from iphones for more than two years
HACKERS secretly installed “monitoring implants” in Apple iphones, allowing them to harvest private photographs, emails and messages for years.
The unprecedented attack, which lasted around 30 months, was found by Google.
It allowed criminals to gain access to potentially millions of iphones via malicious websites without users ever knowing.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device and, if it was successful, to install a monitoring implant,” said Ian Beer, Google’s security expert.
Hackers were able to read people’s encrypted messages, monitor their real-time locations and intercept their emails, allowing them to gain a complete overview of a target’s digital life.
The hack is believed to have affected devices running operating systems from IOS 10, released in 2016, through to IOS 12. iphone users on these operating systems have been told to go into their settings and update their software urgently.
Dr Lukasz Olejnik, a research associate at Oxford University, called the attack “high impact, very sophisticated and efficient”.
“These look to be very specific, sophisticated and costly tools,” he said.
Google said it reported the security issues to Apple on February 1.
Apple then released a software update on February 7 that blocked the malicious software.
Most of the security flaws were found within Safari, the default web browser on Apple devices. The researchers at Google who found the vulnerability did not disclose who had carried out the attack or who had been targeted. However, they did say that the websites which were used to distribute the hack saw thousands of visits every week during the years they were active.
Jake Williams, a cybersecurity expert, pointed to errors in the way that the hacked sites were set up. He said the flaws suggested that the hackers had purchased sophisticated tools, but may have not been able to implement them correctly.
“It sure sounds like a group with tons of money to buy exploits and little operational experience,” he said on Twitter yesterday.
An Apple spokesman did not respond to a request for comment.