iPhone bug also accessed WhatsApp, Telegram chats: Google
San Francisco, Sep 3
Google researchers have identified a vulnerability that allowed access to all the database files on the victim's iPhone used by end-to-end encryption apps like WhatsApp, Telegram and iMessage.
In one of the biggest attacks against iPhone users, researchers working in Google's Project Zero team earlier discovered several hacked websites that used security flaws in iPhones to attack users who visited these websites.
The malicious websites may have compromised personal files, messages, and real-time location data of iPhone users. After they reported their findings to Apple, the Cupertino-based tech giant patched the vulnerabilities.
Later, they revealed that the users' chats in WhatsApp and Telegram were also compromised.
"In the earlier posts, we examined how the attackers gained 'unsandboxed' code execution as root on iPhones."
"The implant has access to all the database files (on the victim's phone) used by popular end-to-end encryption apps like WhatsApp, Telegram and iMessage," said Ian Beer from Google's Project Zero.
The implant was primarily focused on stealing files and uploading live location data.
"The implant can upload private files used by all apps on the device," said the researchers.
The researchers were able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.
"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," said Beer.
The websites delivered their malware indiscriminately and were operational for years, said Google.
"Earlier this year, Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day," said Beer.
There was no target discrimination: simply visiting the hacked site was enough for the exploit server to attack the iPhone and, if it was successful, install a monitoring implant.
"We estimate that these sites receive thousands of visitors per week," said the Google blog post.