iPhone Under Attack: Getting Hacked Just By Visiting Websites!

Must Read

Elon Musk Added Over $100 Billion To His Net Worth In Just 1 Year, Leaves Jeff Bezos Behind

Jeff Bezos may the world's richest person in the world but it's Elon Musk who has been...

iPhone 12 Plagued With Serious Problems: Should You Buy It, Still?

A serious problem with Apple iPhone 12, identified recently, is good enough to give a second thought...

Elon Musk Overtakes Bill Gates And Becomes the 2nd Richest Person in the World

It's been a good week for Elon Musk and his electrical vehicle business Tesla. Earlier this week,...

Yes, you read it right, a website could hack iPhone.

In January this year, it was the very first time when Apple disclosed that active install base of iPhone has reached 900 million. With a global active installed base is expected to exceed 1 billion this year, Apple’s iPhones continue to be some of the most desired smartphones worldwide. Therefore, the reported incidents of a coordinated hacking campaign attacking iOS users, undoubtedly, come as unpleasant news to the tech magnate.

Apple iPhone, famous for their locked-down security, are under threat of being hacked by simply visiting a normal looking website. A report published recently in a disquieting blog post by Google’s Project Zero researcher Ian Beer states that an iPhone hacking campaign, discovered earlier this year, is targeting iPhone users through hacked websites. Simply visiting such websites once is enough for the exploit server to attack your iOS device.

Advertisements

iPhone Hacking: Watering Hole Attacks

Known as watering hole attacks, these exploits can compromise the security of end-users by infecting websites and using them as bait to load malware into the victim’s device. These malware or malvertisements infect devices visiting the website. This technique is one of the most used hacking techniques today and is used to conduct identity theft and steal sensitive information from unsuspecting victims.

This iPhone hack epidemic was brought to attention earlier this year by Project Zero’s cybersecurity researchers. It included at least five iPhone exploit chains with the ability to remotely jailbreak an iPhone and implant it with spyware by exploiting 14 different flaws in Apple’s iOS, including flaws in Safari Web Browser, iOS kernel and sandbox escape issues. According to researchers these can attack devices with the iOS 10 and succeeding mobile operating systems.

These attacks are programmed to steal photos, iMessages, and live GPS location data from devices and upload them to an external server every sixty seconds. Also, the implant can gain access to the device’s keychain data which contains authentication tokens, credentials and certificates accessed by the device.

Other popular end-to-end encryption apps on iOS platform like Whatsapp and Telegram are also vulnerable to these exploits.

What to Do?

Ian Beer warns users that while rebooting their iPhone can automatically wipe off the implant, albeit revisiting the hacked website would again reinstall it. Given that these websites receive thousands of visitors weekly, avoiding them may not be easy. Furthermore, attackers can use already stolen information to access various accounts and services even if the implant is wiped.

Advertisements

Beer also notes that the group behind the iPhone hacking could be targeting users of iPhones in certain communities for over two years.

Although no information about the hacked websites was released, Apple assures its users that the majority of these issues have been patched. iOS users are advised to update their devices to avoid such malicious hacking campaigns. Even though the tech behemoth is known for its not so smooth relationship with security researchers, Apple issued patches just a week later after Google disclosed the vulnerabilities being exploited by the hackers.

Apple recently made the news for providing security researchers with “hacking-friendly” iPhones with the goal of increasing their security even more by letting researchers hack their systems and using the data to make it more difficult for nefarious individuals and groups to attempt to do the same.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Backed By First-Time Shoppers, Flipkart And Amazon Dominated Festive Online Sales in India

It seems like Flipkart and Amazon squeezed the most out of the month-long festive season in India...

Amazon Gets Slapped With Penalty As GOI Prepares To Tighten The Noose On Ecommerce Players!

In a recent move, the Indian Government slapped Amazon on its wrist for not mentioning the country of origin detail for products...

Facebook’s Past Comes Back To Bite As South Korea Fines Them For 2018 Scandal

The social media behemoth Facebook Inc. (NASDAQ:FB) has once again proved they are the true arch-nemesis of modern-day user-privacy!

Amazon Future Group Dispute Deepens As Singapore Court Turns Down Future Group Plea

The dispute between Amazon and Future Retail is, apparently, far from over anything soon as the Singapore International Arbitration Centre (SIAC) has...

Google Pay Fee On Instant Transfer: An Indication Of Google’s Aggressive Monetisation Strategy?

Google has decided to levy fee on instant payment, starting from the US market. A few days back, Google...

Twitter Account Verification Is Back, But Has it Lost Its Mojo?

Twitterati queue up! As the Twitter account verification process which is responsible for awarding blue badges prepares to...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This