Google’s Project team Zero found some harmful websites that could hack into iPhones. The websites would have installed malware which could then results in leaking user data including messages, photos, and location details. Google’s security researchers part of their Project Zero team has said that they discovered numerous hacked websites for years, which have installed malware onto iPhones of those users who visited them. iPhone users visited any of these websites, is likely that they would have had their data leaked like their messages, photos, and location.
What They Had in Their Report?
According to a recent report of Google Zero Team, they had reported their finding of the security fault to Apple earlier this year, and the fault was recover in the iOS 12.1.4 update, released by Apple in February. Apple also published the details on its support page as well, if something it does for all its security-related updates.
How Malware Affects iPhone
According to Google’s blog, there was no clearly defined discrimination and simply visiting the hacked site was enough for the exploit server to attack the device. It further added that once it was successful, it would install a monitoring implant on the device. The details of Project Zero’s findings were published by Google Project Zero’s Ian Beer. “We estimate that these sites receive 1000’s of visitors per week,” he mentioned in the blog. Though malware attacks are few on iPhones which are considered to be thoroughly secured. In the past, Apple has also offered up to $1 million to security researchers for finding weakness/fault on iOS devices. It is not clear who is behind these malware attacks which could happen by just merely visiting a hacked website. The blog also gave details about individual happenings/vulnerabilities. It clearly defines how the hack gave hackers complete control of a device. It would allow hackers to install harmful apps, get real-time location details and steal photos and messages, even if they are secured. Since the malware had whole access, it could fetch the details of all messages even before they got secured.
What Information Stolen?
These attacks stole the personal information of the iPhone user, they were sending across without any security, which means that anybody with the same Wi-Fi network may also see the stolen content. The malware was wiped off if the iPhone was rebooted and return as soon as the user visited any of the hacked websites again.
Are iPhones Totally Secured?
Even if the malware was removed from the device, the attackers can cause further damage with the help of stolen passwords and messages it obtained previously from the malware.