Google researchers have found that 14 serious flaws in iOS, the iPhone system, have been exploited by criminals. In a survey released on Thursday (29), the security team says the attack occurs when the user uses the device to access malicious websites which provides a way for the installation of powerful monitoring malware. The criminal sets one of the most serious attacks ever recorded against iOS.
Through the breach, evil hackers gain full access to users' files and personal data, conversations with messengers like WhatsApp, and the location of the device in real time. After Google reported the Apple discovery, the vulnerabilities were fixed with software updates released by the company earlier this year.
- Find the best iPhone prices on the internet
- iPhone 11 comes to: smartphone wins release date
Google finds iOS security breach that could leak personal data and chat from users to messengers Photo: Marvin Costa / TechTudo
For two years, criminals have been able to break into devices they used from iOS version 10 through version 12. In all, the researchers found 14 system vulnerabilities that were massively exploited by hackers. Malicious websites are designed to scan devices to compromise them with monitoring malware. According to Google, the web pages used five exploit chains, which are tools designed to assimilate vulnerabilities, thus allowing criminals to penetrate the protection layers of iOS.
By infecting the device, attackers could access authentication tokens and use them later, even if the malware had been removed. This data can be used to access various services, such as social networking accounts and email management systems. Malicious action has allowed access to encrypted conversations in messengers like WhatsApp, iMessage and Signal. In addition, the loophole allowed you to capture photos, contacts, and other sensitive information managed by iCloud's native Keys app.
According to security company founder Rendition Infosec NSA analyst Jake Williams, the attack is similar to actions carried out by spy agencies. The time when hackers were active undetected indicates that they were operating from a location outside the United States, where corporate servers are located. "After two years without being caught, I can't imagine that these attacks were not from outside national borders," Williams added in a statement to the Wired website referring to the American territory.
Google has not publicly released the list of sites involved and whether it has been targeted to a specific layer of users. To date, Apple has made no statement about this.
What to do to prevent or prevent?
Given the severity of the attack, the team reported the problems and suggested that Apple solve the problem within seven days. The timeframe, however, is very short compared to the 90 days suggested in most cases by digital security professionals which shows the severity of the problem. As a solution, Apple initially released iOS 12.1.4, which also resolved a major flaw in FaceTime.
Project Zero professionals claim that restarting the device breaks access and automatically deletes malware from the system. However, it is best to keep the device updated with the latest version of iOS.
Check out the iPhone XS and iPhone XR release directly from the United States