Google’s Project Zero team discovered a series of hacked websites earlier this year that was being used for carrying out one of the largest attacks on iPhone users. The websites relied on an iPhone 0-day exploit and had no target discrimination: anyone with an iPhone who visited the hacked website was attacked by the exploit server.
On being successful, these sites installed a monitoring implant on the iPhones. These websites are estimated to have received thousands of visitors every week.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
The implant focused on stealing files and uploading live location data of users. It also requested commands from its control server every minute. The implant would be automatically wiped if one reboots their iPhone thereby leaving no trace of itself. However, given how rarely people restart their iPhone, this is still a major issue.
Given the nature of the attack, the data sent back by the implant was enough for the hackers to access their iMessage chats and other personal data and accounts.
The Threat Analysis Group at Google discovered five different and unique iPhone exploit chains based on 14 different vulnerabilities that worked from iOS 10 through iOS 12. The group behind the websites relied on these exploits to hack iPhones users and steal their data for a period of over two years.
The Project Zero team informed Apple about the hack on 1st February 2019 with a 7-day deadline. This lead to Apple releasing iOS 12.1.4 on February 7, 2019.
If you are interested in reading more about the hack and the exploits used, make sure to read the entire blog post from Ian Beer by heading to the source link below.
[Via Project Zero Blog]