Google security team reveals years-long spyware attack on iPhone users


Security researchers at Google have discovered a hacking operation that installed malware on the iPhones of “thousands of users a week” over two and a half years, according to BBC News.

Cybersecurity experts are calling it the worst general security failure yet found on Apple devices, and some researchers have suggested it showed signs of a hacking effort by a nation-state. The vulnerability was discovered and patched earlier this year.

The malware installed ‘monitoring implants’ on the iPhones of users who visited a number of hacked websites. No further interaction was needed for the malware to breach the devices, and once installed, hackers were able to monitor contacts, location data, chat histories, images, messages, passwords, and other sensitive information. The implant was also able to access data from apps like Instagram, WhatsApp, Telegram, Gmail, and Hangouts.

“There was no target discrimination,” according to cybersecurity expert Ian Beer, a member of Google’s Project Zero security team. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”

Beer described the attack in a blog post Thursday. 

Project Zero has become controversial in the tech world—when the team’s white-hat hackers find vulnerabilities, they announce their findings to the public 90 days after reporting them to the company involved, regardless of whether the bug has been fixed, according to The Guardian.

Apple was notified of the vulnerabilities in February, and released a patch within a week. At the time, the company told users the update included “improved input validation” to fix “memory corruption” issues.

The implant was not persistent, which meant a simple restart of the device could clear it from memory. But once a user's data had been acquired, a restart may not have protected them, according to Beer.

“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”

Current iPhone users should ensure that their software is updated to the most recent version. But Beer points out that for every hacking effort that gets discovered, there are many more that haven’t been uncovered. 

“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
