Hackers have been breaking into iPhones without a trace for the past two years, according to Google on Friday, Aug. 30.
The malicious activities were discovered by Project Zero, a group of security analysts from Google that is tasked with investigating cybercrime.
The Attack
According to a blog post by Project Zero's Ian Beer, the operations were quite straightforward. The attackers used several hacked websites, which attacked the iPhones that visited them and installed spyware on these devices. The implanted spyware makes the iPhones and their users extremely vulnerable to malicious players, who gain access to messages, passwords, photos, and even real-time GPS locations.
While the exact number of affected devices is unclear, Beer and the team estimated that the infected websites receive thousands of visitors every week. Since these websites have been running since 2017, a huge chunk of iPhone users could already have been affected.
Additionally, nearly all models in the iPhone lineup were found to be vulnerable to the exploits found by Project Zero, specifically all devices running iOS 10 through iOS 12.
Before making its findings public, Project Zero gave Apple a heads-up about the iPhone vulnerabilities, which allowed the tech company to shut down these vulnerabilities in iOS 12.1.4 in February 2019.
While Beer did not divulge the specific websites involved in the hacking operations, Variety noted that the language and wording of his blog post suggested that these websites targeted specific types of Internet users, such as ethnic minorities and opposition groups in certain countries.
No Device Is Completely Secure For Targeted Individuals
In the blog post, Beer warned the public that no single device is completely and irrevocably private. Some individuals, he pointed out, make risky decisions based on perceptions of their devices' security, but no protections can eliminate the risks if one is targeted.
Furthermore, getting targeted might be as simple as being born in a specific region or being part of a specific ethnic group.
In an interview with Wired, Cooper Quintin, a security researcher with the Electronic Frontier Foundation, said that the mass infection tactics suggest that the players behind the attacks are state-sponsored. According to him, it appears to be a government seeking to keep an eye on a large group who could be identified by visiting a certain website.
"There are plenty of minority groups like the Chinese Uyghurs, Palestinians, people in Syria, whose respective governments would like to spy on them like this," Quintin explained. "Any of those governments would be happy to pull out this technique if they came into exploit chains of this magnitude."
Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec, added that the hack exhibits many hallmarks of a domestic surveillance operation. However, since it has coasted undetected for so long, it appears to be confined to a foreign country.
Ultimately, Beer cautioned device users to always keep their device's vulnerability in mind.
"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them," he concluded.