Malicious sites trying to hack iPhone for yrs

Malicious sites trying to hack iPhone for yrs

When Google's Project Zero revealed that malicious websites have been hacking iPhone users for years every time they visited the sites, users were terrified. Somewhat oddly, Google didn't disclose the websites that were the source of the attack although it did say that Apple patched the exploit they were using back in February.

While the iOS attacks were the most noteworthy, the campaign also targeted more widely used devices, according to Thomas Brewster of Forbes.

"Earlier this year, Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites".

The attacks, uncovered by Google security researchers last week, allegedly targeted a number of different platforms as part of a surveillance campaign by Chinese authorities.

The monitoring implants gave hackers the ability to access everything from images and messages stored on an affected device, apps like Gmail, WhatsApp and Instagram, and highly sensitive information like banking logins and other passwords, potentially leaving customers open to serious identity theft. The iMessage vulnerabilities discovered by the Google Project Zero members could fetch prices in the vicinity of "millions or even tens of millions" on the exploit market.

With "thousands of visitors" accessing malicious website, not only was their private data captured, but their location data was also made visible, allowing them to be tracked on command by the Chinese government.

Although iOS has a well-earned reputation for security, unless jailbroken, it's thought that not only did the hackers find a way through all those layers of security, but that many non-Uyghur people outside of the "target area" and group were caught up by the malware, too. But a new report surfaced recently suggesting that the websites were a part of a state-supported attack meant to target the Uighur community in China's Xinjiang state. It might also be a possibility that people outside the Uighur group were affected by this attack. Apple disclosed in that update that the flaws, referred to as "memory corruption" issues, were fixed with "improved input validation". In fact, the same websites which were used to target iPhones were used against Windows and Android devices.

Related Articles