Google Exposes 14 Long-Hidden Exploits in ‘Unhackable’ iPhone

google exposes exploits in 'unhackable' apple iphone
Google just exposed 14 exploits in Apple's "unhackable" iPhones that have been lurking on the devices for years. | Source: AFP PHOTO / Jewel Samad
PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBUb3AgQXJ0aWNsZSBDQ04gLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjU4NDY0ODIyMjMiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==

Google’s Project Zero team revealed 14 iPhone security flaws hackers have secretly exploited for two years, questioning whether Apple’s device is really so “unhackable” as has long been claimed.

Thousands of iPhone owners at risk?

According to the series of blog posts published by Google’s zero-day security analyst team, the attackers indiscriminately used watering hole attacks against iPhone users, installing monitoring implants to devices which have visited websites infected by the hackers.

Google researchers estimate that the infected sites receive thousands of visitors every week.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

PGlmcmFtZSB0aXRsZT0iSGFja2VycyBzaG93IHdheXMgdG8gcHJvdGVjdCB5b3VyIGlQaG9uZSIgd2lkdGg9IjgwMCIgaGVpZ2h0PSI0NTAiIHNyYz0iaHR0cHM6Ly93d3cueW91dHViZS1ub2Nvb2tpZS5jb20vZW1iZWQvUGtWc3h3dEd3cnM/ZmVhdHVyZT1vZW1iZWQiIGZyYW1lYm9yZGVyPSIwIiBhbGxvdz0iYWNjZWxlcm9tZXRlcjsgYXV0b3BsYXk7IGVuY3J5cHRlZC1tZWRpYTsgZ3lyb3Njb3BlOyBwaWN0dXJlLWluLXBpY3R1cmUiIGFsbG93ZnVsbHNjcmVlbj48L2lmcmFtZT4=

According to one blog post, the 14 vulnerabilities were a part of five unique iPhone exploit chains that covered almost every version of Apple’s mobile operating system from iOS 10 to the latest version of iOS 12, indicating that the hackers were working hard to exploit the security flaws.

Half of the iPhone vulnerabilities were discovered in Apple’s Safari browser, five in the kernel, and hackers also used two separate sandbox escapes to access data outside the permissions of an app or a process.

Apple users risk leaking sensitive information

The hackers have launched one of the most comprehensive attacks ever deployed against iPhone users.

What proves this best is the broad access of the monitoring implant, which could acquire location data, photos, contacts, and sensitive information like passwords from the iOS Keychain after successful installation.

iphone hack
Hackers have been exploiting these Apple iPhone exploits for years. | Source: Shutterstock

The attack had such deep access to iPhone systems that hackers could even read or eavesdrop the messages of victims on encrypted communications services like WhatsApp or iMessage.

There’s also a chance that the attackers have acquired access tokens from the Apple victims, which they could use to log into social media and communications accounts.

Google reveals that Apple iPhones are not unhackable

The new Google research highlights that the iPhone is not the unhackable mobile device Apple has dreamed of – despite the company’s previous claims on the smartphones being hacker-proof.

Twitter

By loading the tweet, you agree to Twitter’s privacy policy.
Learn more

Load tweet

PGJsb2NrcXVvdGUgY2xhc3M9InR3aXR0ZXItdHdlZXQiIGRhdGEtd2lkdGg9IjU1MCIgZGF0YS1kbnQ9InRydWUiPjxwIGxhbmc9ImVuIiBkaXI9Imx0ciI+UmVtZW1iZXIgd2hlbiA8YSBocmVmPSJodHRwczovL3R3aXR0ZXIuY29tL2hhc2h0YWcvQXBwbGU/c3JjPWhhc2gmYW1wO3JlZl9zcmM9dHdzcmMlNUV0ZnciPiNBcHBsZTwvYT4gc2FpZCB0aGUgPGEgaHJlZj0iaHR0cHM6Ly90d2l0dGVyLmNvbS9oYXNodGFnL0lwaG9uZT9zcmM9aGFzaCZhbXA7cmVmX3NyYz10d3NyYyU1RXRmdyI+I0lwaG9uZTwvYT4gd2FzIDxhIGhyZWY9Imh0dHBzOi8vdHdpdHRlci5jb20vaGFzaHRhZy91bmhhY2thYmxlP3NyYz1oYXNoJmFtcDtyZWZfc3JjPXR3c3JjJTVFdGZ3Ij4jdW5oYWNrYWJsZTwvYT4gPyA8YSBocmVmPSJodHRwczovL3QuY28velFaelYyWkZPRCI+cGljLnR3aXR0ZXIuY29tL3pRWnpWMlpGT0Q8L2E+PC9wPiZtZGFzaDsgSnVzdHNvbWVndXkgKEBkaXJvbmFibHUydSkgPGEgaHJlZj0iaHR0cHM6Ly90d2l0dGVyLmNvbS9kaXJvbmFibHUydS9zdGF0dXMvODM5MTYxNTI0NDcyMTQ3OTY4P3JlZl9zcmM9dHdzcmMlNUV0ZnciPk1hcmNoIDcsIDIwMTc8L2E+PC9ibG9ja3F1b3RlPjxzY3JpcHQgYXN5bmMgc3JjPSJodHRwczovL3BsYXRmb3JtLnR3aXR0ZXIuY29tL3dpZGdldHMuanMiIGNoYXJzZXQ9InV0Zi04Ij48L3NjcmlwdD4=

The ability to hack iPhones became a hot topic after the US Department of Justice (DOJ) sued Apple for refusing to help the FBI to hack a device owned by an ISIS terrorist.

Later on, the agency managed to break into the terrorist’s iPhone with the help of a third-party and released an extensively redacted document, revealing almost nothing about the methods they used to hack the device.

PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBCb3R0b20gQ0NOIEFydGljbGUgLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjI5MjA0MTkwNjkiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
PHNjcmlwdCBhc3luYyBzcmM9Imh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2pzL2Fkc2J5Z29vZ2xlLmpzIj48L3NjcmlwdD4KPCEtLSBSZWNvbW1lbmRlZCBwb3N0cyBBZCBDQ04gLS0+CjxpbnMgY2xhc3M9ImFkc2J5Z29vZ2xlIgogICAgIHN0eWxlPSJkaXNwbGF5OmJsb2NrIgogICAgIGRhdGEtYWQtY2xpZW50PSJjYS1wdWItNjQ3MjA2OTY5MzY1NzE0MyIKICAgICBkYXRhLWFkLXNsb3Q9IjI3MzY1ODYyMzUiCiAgICAgZGF0YS1hZC1mb3JtYXQ9ImF1dG8iCiAgICAgZGF0YS1mdWxsLXdpZHRoLXJlc3BvbnNpdmU9InRydWUiPjwvaW5zPgo8c2NyaXB0PgogICAgIChhZHNieWdvb2dsZSA9IHdpbmRvdy5hZHNieWdvb2dsZSB8fCBbXSkucHVzaCh7fSk7Cjwvc2NyaXB0Pg==