Tech.co logo

Google Researchers Find Massive Security Flaw in iPhones

August 30, 2019

3:19 pm

Smartphone security is having a rough week, as Google researchers discovered an “unprecedented” iPhone hacking enterprise that saw thousands of users per week affected by the operation.

There's no denying that the tech industry is in a bit of a security crisis at this point in history. Hacks and breaches are compromising our personal information on what feel like a daily basis, and tech companies aren't making a huge effort to put a stop to it. Heck, Google experienced its own malware problem earlier this week, and innovative malware practices are making headlines regularly.

Now, Google researchers have announced that a substantial malware attack likely affected scores of iPhone users just for visiting a few suspect websites.

What Did Google Research Find?

Project Zero, an internal team at Google composed of white-hat hackers looking for gaps in consumer tech security, discovered the vulnerability earlier this year. They found that the hackers used a small network of websites to deliver malware to iPhone users that visit them.

The breach gave hackers access to chat history on apps like WhatsApp and iMessage, as well as location information, Gmail databases, address books, and keychains, which house passwords to a wide range of other accounts.

Fortunately, Project Zero alerted Apple of the issue in February and a security update was installed less than a week later. Unfortunately, according to some of the members of Project Zero, it might be too little too late.

“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device,” said Ian Beer, a security researcher at Google, to The Guardian.

Were All iPhones Affected?

This is perhaps one of the more unsettling aspects of this story. The hacking operation was not only successful at gleaning all that personal information, but it was also able to access a surprisingly vast number of iPhones, with some practices even affecting completely up-to-date models.

To make matters worse, iPhone users didn't even have to interact with the malicious websites to be affected by the hack. If you simply visited one of these websites while using your iPhone, your device was immediately compromised. Fortunately, the hack wasn't too persistent, as a mere restart could wipe the malware from the device, but as Beer pointed out, the damage may have already been done.

How to Keep Yourself Safe Online

There are a lot of best practices when it comes to keeping yourself safe online. From using password managers and VPNs to spotting phishing scams in your email, the importance of taking your online security seriously cannot be understated. Unfortunately, in the case of this hack, there really wasn't a lot you could do other than be vigilant.

“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them,” said Beer.

We're sorry this news story doesn't have more of a happy ending, outside of the fact that this particular hack was shut down earlier this year. The reality is that the world of online security is still playing catch up to malicious players on the web, and the best thing you can do for yourself is to take as many precautions as possible when it comes to using the internet.

Learn more about staying safe online on Tech.co

Tags:

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Conor is the Senior Writer for Tech.co. For the last four years, he’s written about everything from Kickstarter campaigns and budding startups to tech titans and innovative technologies. His extensive background in stand-up comedy made him the perfect person to host tech-centric events like Startup Night at SXSW and the Timmy Awards for Tech in Motion. You can email Conor at conor@tech.co.