You may have heard about the discovery of a hack targeting iPhone devices through the web for years. Google claims it discovered the issue as part of its Project Zero security analysis mission, and suggests hackers could have accessed thousands of devices over a two-year period.
So how can websites hack iPhone? And what should you do to keep yourself safe from these types of hacks? The following article will have all the details you need to know.
How can websites hack iPhone?
Here’s how this security issue affects iPhone devices, revealed in August 2019 by Google Project Zero. Traditionally, people thought it was difficult or even impossible to hack iOS devices as long as they weren’t jailbroken. Hacking an iOS device requires knowledge of the Zero day vulnerability.
This is an undisclosed vulnerability to Apple or the security community. As soon as Apple discovered the security hole, they patched it. This means that as soon as a vulnerability becomes widely known, it is almost immediately fixed.
However, in the case of these hacks, websites can hack the iPhones that have access to them. The hacker managed to do this using 14 different vulnerabilities, which were combined into 5 attack chains.
An attack chain is where several vulnerabilities are used in combination to attack a device. A single vulnerability won’t be enough to hack a device, but when combined, they can do it. Hackers can combine using security holes together to install a monitoring software, running as root on the device.
That means it has defeated the security protocols of the operating system and obtained the highest possible security privileges.
Just visiting one of these sites is enough for your device to have a surveillance software installed. More worryingly, Google says it estimates that thousands of people visit these sites every week. That means hackers could have infected thousands of devices over the past few years.
What consequences can these hacks cause?
The list of perks that these hacks win is truly unsettling. Installed software can locate the device in real time, view call and SMS history, view notes in the Notes app, view passwords, listen to voice memos, and view photos. The software can even see encrypted messages like those shared across multiple apps like iMessage, Telegram or WhatsApp.
The installed software can see the encrypted messages because it has access to the database files on the phone. These files allow you to read and send encrypted messages. The operating system will protect these files from third-party applications. But because the software that was secretly installed has root access, it can view these files and use them to read encrypted messages.
It can also upload emails from the phone to the hacker’s server, or it can copy all the contacts stored on the phone. Real-time GPS tracking is especially scary because it means hackers can see a user’s current location at any time and track their movements.
Who do these hacks affect?
Apple has released a statement addressing the issue. According to Apple, “this sophisticated attack affects only a small area, rather than a large-scale exploit affecting all iPhone devices.” The company also added, “This attack affected about a dozen websites, focusing on content related to the Uighur community (English name is Uighur)”.
The Uighurs are an ethnic minority group of Chinese origin. The implication in Apple’s statement is that the Chinese government may have used iPhone malware to spy on the Uighurs in particular, in order to track and control them.
Apple accused Google of causing unnecessary fear, making all iPhone users think their device has been compromised. The implication is that most iPhone users don’t need to worry about hacks, as they only target a small number of people. However, all users should be aware of the fact that vulnerabilities exist and are used to compromise iOS devices for two reasons.
Firstly, using these vulnerabilities to target a minority is something everyone should be concerned about. Second, it proves that iOS devices are not immune to hacking and that iPhone users need to be aware of these security issues.
Also, whatever the potential danger this hack could be is worth considering. Hackers are only interested in targeting certain groups of people. However, if they wanted to, they could use the same method to infect iPhone devices on a much broader scale.
What should iPhone users do about avoiding hacks?
While this news sounds scary, iPhone users need not panic. Apple patched this vulnerability some time ago. As long as you’re running iOS 12.1.4 or later, you’re currently “immune” to this attack. This shows why regular device software updates are so important. Companies often fix security issues like these in the latest version of their software.
If you think your device has been infected with malware, you should update it to the latest iOS version as soon as possible. The phone will reboot as part of the installation process. New software and a reboot will remove the malware from your device.
Unfortunately, it is not possible to run anti-virus software on iOS. This means there is no way to check your device and detect threats, like this malware, in the future. The best thing you can do to keep your device secure is to update it regularly.
While the iPhone is still a very secure device overall, it’s far from perfect. As proven, it is possible to hack iOS devices and steal huge amounts of data from them.
To help keep your iPhone safe, you can learn about the iPhone security settings and apps you must know.
Good luck!
Source link: How iPhone vulnerability allows websites to hack iOS devices
– https://techtipsnreview.com/
