WASHINGTON (Reuters) – Suspected hackers infected Apple’s spyware with spyware within two years, researchers said on Friday, which security experts said on Friday was a serious security failure for its privacy company.
Visiting one of the fewer contaminated sites can infect your iPhone, and is capable of sending real-time data to smartphone owner messages, emails, photos, and cyberspace behind the process.
“This is certainly the most serious iPhone hacking incident that has been brought to the public’s attention because of both random targeting and the amount of data the implant displays,” said Jake Williams, the former US government hacker.
It was announced late on Thursday evening by Google researchers, and the vulnerability was finally quietly fixed by Apple until February, but thousands of iPhone users were exposed just over two years later.
The researchers did not identify the spyware or websites used to locate them. He did not say who was behind cyberspace or what was targeting the population, but experts said the nation-state’s efforts in the process had been identified.
Williams said the spyware transplant was not written to transmit stolen data safely, suggesting that hackers were not interested in their occurrence.
States that there is a totalitarian state behind them. He speculated that it was used to target political opponents.
Sensitive data accessed by spyware includes WhatsApp, iMessage, Telegram text messages, Gmail, photos, contacts, and real-time locations – all databases on the victim’s phone.
While messaging apps can encrypt data in transit, they can be read comfortably on iPhone.
Google researcher Ian Bear said in a blog published late on Thursday that the discovery should dispel any idea that a successful iPhone hacking would cost $ 1 million.
This is an indication of the case of the UAE dissident who was hit by the iPhone in what is known as “zero day exploits” in 2016, which are known to have brought these high prices.
Of these 14 vulnerabilities, joined by Project Xero, Google researchers include victims of security bugs in microprocessors, microprocessors, and independent of their origin, state-sponsored perpetrators and hackers using intelligence agencies.
“It should be a wake-up call to people,” said Will Straffach, a mobile security specialist at Sudo Security. “Anyone on any platform is likely to be infected with malware.”
Bear said his team estimated that infected sites used for a “random watering attack” received thousands of visitors a week.
He said the team collected five different sets of adventures covering Apple for iOS as of version 10 released in 2016.
Apple did not respond to requests for comment about why the vulnerabilities were not detected on its own, and if it could reassure users that such a normal attack could not happen again. Ensuring privacy is central to the Apple brand.
Matt Lawrence, director of security at Check Point Software Technologies, described the development as a dangerous game changer.
He said that when the owners of the iPhone had already waived for zero days, in order to increase prices, it is now possible to plant the seeds of spyware on a large scale at a lower cost per injury.
“It presents the way we look at the use of mobile devices for enterprise applications as a whole, and the security risks to the individual and / or organization,” Lawrence said in an e-mail.
On his blog, Google Beer researcher warned that full digital security cannot be guaranteed.
Smartphone users should be “aware of the fact that mass exploitation still exists and behaves accordingly;” he wrote, “both consider their mobile devices an integral part of their modern lives, but as devices that, if compromised, could load every task on the database , Maybe used against it. You can go. “