Google reveals multiple exploits on Apple iOS enabling silent install of devastating spyware
Just days after Apple hit the headlines for their latest emergency security patch, Google announced yesterday that Apple iPhones have been targets of a global cyber attack that had been ongoing for several years. The cybercriminals infiltrated individual iPhones via successfully hacking a range of websites. Any misfortunate iPhone users who visited these compromised websites, were clueless that they had downloaded spyware onto their iOS devices.
iSpy with iOS
The spyware gave the hackers access to practically every aspect of the mobile device. Applications targeted included WhatsApp, iMessage, Gmail and Telegram messages, contact lists, entire photo libraries, saved passwords and location information. Data was uploaded to the hackers’ domain every 60 seconds. The malicious code disappeared if the user turned off their device, meaning that the malware would only return if the same website was re-accessed. Nonetheless, a single infection provided enough time for a wide sweep of the phone. With over 2.2 billion iPhone users in the world, the news comes as a shock to dedicated Apple advocates, particularly those who have been complacent about the risk of a successful iOS hack.
And it’s not just personal data that’s at risk
The cyberattack not only jeopardized user’s personal data, but easily put confidential corporate data and credentials at risk. Employees use phones not just to visit well known (and hopefully well protected) websites, but also, sites of their local schools, sports clubs and gyms. Hackers then break into these types of sites and harvest a rich trove of information from employees phones. Infiltrating just one company device had the potential of being the gateway to the entire organization’s confidential information.
Apple’s response to the iOS attack
Through software updates, Apple have successively closed off the vulnerabilities that enabled these exploits with Google confirming that Apple patched the last vulnerability in the 12.1.4 update in February 2019. However, this incident reminds us that we can never be too careful when it comes to mobile device safety. Hackers have shown themselves adept at breaching sophisticated modern operating systems.