Google discovered an unknown and undiscriminated campaign that allowed developers to hack iPhones via certain web pages further allowing hackers to steal user information by the minute.
After a detailed investigation in to the critical issue, Google’s Project Zero security expert Ian Beer illustrated on a deep-dive blog post how hackers had been using certain harmful websites to attack iPhone software. However, the specific details of the websites used or number of people that victims was not disclosed.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” Beer wrote. “We estimate that these sites receive thousands of visitors per week. ” – Reported by Daily Herald.
The hacking of iPhones let the investigators to discover that the data collected was the personal information of users like keychain passwords, messages, contacts and app information like like WhatsApp and Gmail.
Considering Apple Inc.’s efforts of securing user information and best-in-class encryption, it’s very rare that iPhone users experience these kinds of attacks. That being said, this might be recorded as one of the most prominent software attacks in the history of iPhones.
Project Zero was created in 2014 and has appointed multiple researchers to find vulnerabilities. Ever since its formation, approximately 1600 hardware and software vulnerabilities have been reported.
Although as efficient as it is, Project Zero has been known for its toughness on third-party software developers. If a bug is found in the software created, Project Zero gives them 90 days to fix it before disclosing the details publicly.
Recently, Project Zero said that majority (95.8%) of the bugs found in the software systems are fixed before 90 days. However, earlier this year on February 1st, when Project Zero informed Apple about the breach, Apple gave them 7 days to fix the issue stating urgency as iOS 12.1.4 was prepared to be released on February 7th.
Although Apple Inc. is well known for its high-end security of its hardware and software, surprisingly provided “hacker-friendly” devices to certain third-party developers in the hopes of reverse engineering the hacking process on Apple devices as well as spot the vulnerabilities quicker than the hackers themselves.