iPhones from iOS 10 to recent versions of iOS 12 were open to having messages, images, and location data stolen by hackers through a web-based exploit, according to Google’s external security & research blog, Google Project Zero.
As part of a 30-month long operation, researchers were able to take advantage of an exploit in Apple’s default web browser, Safari, to load malware onto devices. Simply landing on an infected webpage was all that was needed to infect an iOS device, and once deployed, the malware allowed hackers to access sensitive data from across the device. According to the extensive blogpost, the earliest version of iOS infected by this exploit was iOS 10.0.1, meaning the security hole was likely in existence from at least September 2016.
Once the malware was loaded, the hacker had access to a wide variety of data from the infected device. The final post of the blog contains minute details of the data that could be siphoned from various apps. This included messages from WhatsApp, Telegram, and other otherwise secure messaging apps, accurate location data, and contact details. The malware could even take copies of images and emails received on the device, all without the user’s knowledge.
The malware would send an update every 60 seconds, ensuring the hacker always had an up-to-date version of all their stolen data. On the plus side, the hack could be cleared out by restarting a device, as the malware would not be stored in the local memory. As another side effect, this constant updating would also be likely to take a severe toll on the device’s battery life.
Thankfully for iOS users, Google reported this exploit to Apple on February 1 and was apparently fixed via a security patch on February 7. However, that probably only accounts for devices on the latest version of iOS, iOS 12. While unverified, users of iPhones running older versions of iOS should be aware that this exploit potentially still exists.
While always good advice, be careful of the websites you visit and avoid any clicking on any suspicious links. If you suspect you have been infected, restart your device to hopefully clear the malware. However, just because the malware has been cleared doesn’t mean you’re out of the woods yet. According to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”.
With that in mind, the only real solution to the exploit may well be upgrading to a new iPhone. The latest versions of iOS 12 (soon to be iOS 13) have been immunized against the exploit, so you’ll be able to surf in peace.
We have reached out to Apple for comment, and will update when we hear back.