When it comes to security, Apple always makes enormous claims about privacy and user security. Apple shows a deep interest in protecting its users from data breaching and viruses, but over a past few years, a lot of loopholes and bugs that were discovered in Apple’s operating system and stock applications stunned everybody.
Malicious Websites were used to Hack into iPhones for Years, says Google
The FaceTime bug that could listen to conversations of the other person even before picking up the call and the most recent bug that Apple has apologized for is Siri listening to private conversations of people.
A group of security researchers who works at Google’s Project Zero have details about the most significant attack against iPhone users.
The security researchers at Project Zero listed down a series of websites that have been hacked and are continuously attacking iPhones for years without any prior knowledge of the users.
According to Ian Beer, a member of Project Zero, the hacked websites, if visited by an iPhone user, would install the malware on their device. The attackers have targeted a lot of sites.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week,” Beer wrote in a blog post.
Ian beer wrote in a blog post that is simply visiting the website was more than enough for the attackers to gain access over the users’ iPhones, successful control over the device would allow them to install malware. The main issue of concern is that these sites have thousands of visitors per week, and this is a severe issue.
This also allows the hackers to retrieve users personal data, which consists of their passwords, personal contacts, and messages that were sent via iMessage, Whatsapp, Gmail.
Apple users who are on version iOS 10, 11, and 12 can be exposed to this vulnerability if they visit an infected website. However, there is no exact information about the users who have been exploited.
Ian also said that it is not a work of an average or rookie hackers. The exploiters must be a group of professionals who can also target a specific interest group or a demographic.