For two years, a handful of websites hacked thousands of iPhones that visited them, getting access to live location data, photos, contacts, and even passwords
For two years, a handful of websites have indiscriminately hacked thousands of iPhones. — Hacking the iPhone has long …
Wired
Related Coverage
- Google finds ‘indiscriminate iPhone attack lasting years’ BBC · Dave Lee
- How to Protect Yourself Against a Newly Revealed iPhone Hack Fortune · Lisa Marie Segarra
- Google unearths 2-year-long iPhone spyware attack Financial Times · Tim Bradshaw
- Malicious Websites Have Been Hacking iPhones The Mac Observer · Andrew Orr
- Google researchers detail malicious website exploits that targeted iPhone users for years 9to5Mac · Chance Miller
- Update your iPhone's operating system as soon as possible Quartz · Mike Murphy
- Massive iPhone Hack Uncovered by Google: What You Need to Know Tom's Guide · Richard Priday
- Google says hackers have put ‘monitoring implants’ in iPhones for years The Guardian · Alex Hern
- Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years VICE · Joseph Cox
- Armed with iOS 0days, hackers indiscriminately infected iPhones for two years Ars Technica · Dan Goodin
- Websites have been quietly hacking iPhones for years, says Google MIT Technology Review · Patrick Howell O'Neill
- Implant Teardown — In the earlier posts we examined … Project Zero
- Google Discovered Malicious Websites Used to Hack iPhones for Years ExtremeTech · Ryan Whitwam
- Google reveals major iPhone security flaws that let websites hack phones The Verge · Jon Porter
- Apple's Planned iPhone Unveiling Overshadows Other Big News Fortune · Don Reisinger
- This Has Been the Worst Year for iPhone Security Yet VICE
- In-the-wild iOS Exploit Chain 1 Project Zero · Ian Beer
- Google security team reveals years-long spyware attack on iPhone users Rude Baguette
- The trade war hits close to home, Apple feels vulnerable, and a fight over national park transportation Morning Brew
- Malicious websites were used to secretly hack into iPhones for years, says Google TechCrunch · Zack Whittaker
- WhatsApp Security Destroyed By Just Visiting A Website—Why The Latest iPhone Hack Is Terrifying Forbes · Thomas Brewster
- Websites infected iPhones with spyware Associated Press
- Google discovers major iPhone security flaw that affected thousands CNBC · Todd Haselton
- Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years Gizmodo · Dell Cameron
- Mass iPhone Hack Is Huge Wake-Up Call for Apple Tom's Guide · Paul Wagenseil
- Google's Elite Hacking Team Reveals Untimely Bug in iPhone Bloomberg · Allison Ingersoll
- Google Researchers Find Massive Security Flaw in iPhones Tech.co · Conor Cawley
- Apple is Bad at Software, says Google Security Boulevard · Richi Jennings
- iPhone hack attack: Google says hackers placed ‘monitoring implants’ in iPhones Fox News · James Rogers
- Google security crew sheds light on long-running iOS spyware operation The Register · Shaun Nichols
- Google Warns iPhone Users of Data-Stealing Malware Attacks BleepingComputer · Sergiu Gatlan
- Google highlights iPhone security flaw Financial Times · Chris Nuttall
- Google Security Researchers Uncover ‘Sustained’ Hack on Apple iOS Devices iPhone in Canada Blog · Christopher Baugh
- Google hackers found malicious websites hacking iPhones HackRead · Sudais
- Unprecedented new iPhone malware discovered Malwarebytes Labs · Thomas Reed
- State-Sponsored Hackers Infected iPhones With Spyware; ‘Most Serious’ Breach Of Its Kind CBS San Francisco
- Massive iPhone Hack Compromised Thousands of Phones Variety · Janko Roettgers
- Google: Malicious sites hacked iPhones for years through unknown exploits SiliconANGLE · Maria Deutscher
- Google says hacked websites were attacking iPhones for years TechSpot · Rob Thubron
- Hackers indiscriminately installed ‘monitoring implants’ in iPhones, Google says FierceWireless · Bevin Fletcher
- Google Uncovers Massive iPhone Attack Campaign Dark Reading · Kelly Sheridan
- Google's Project Zero Team Finds an iOS Exploit Allowing Hackers to tap into conversations through iMessage & more Patently Apple · Jack Purcher
- Thousands of iPhones attacked just by visiting hacked websites The Daily Dot · Brenden Gallagher
- iPhone Zero-Days Anchored Watering-Hole Attacks Threatpost · Tara Seals
- Google says a bunch of malicious websites have been secretly hacking iPhones for years KnowTechie · Joe Rice-Jones
- Malicious websites have been quietly hacking iPhones for the past couple of years Firstpost Tech
- What You Need to Know About the iPhone Malware News Slate · Josephine Wolff
- Report: Websites hacked iPhones for years Axios · Joe Uchill
- iOS Vulnerabilities Allowed Attackers to Remotely Hack iPhones for Years SecurityWeek · Ionut Arghire
- Sophisticated iPhone hacking went unnoticed for over two years Naked Security · John E Dunn
- iPhone exploit active “at least two years” detailed by Google SlashGear · Chris Davies
- Latest iOS Hack is a Game Changer The Mac Observer · Charlotte Henry
- Google says iPhones were vulnerable to hacks from websites for years Pocketnow · Anton D. Nagy
- Google discovered ‘sustained attacks’ over at least two years against iPhone users Neowin · Jay Bonggolto
- Google uncovers multiple malicious sites that hacked iPhones for years Android Central · Babu Mohan
- Google uncovers evidence of large iPhone hacking attempt The Hill · Maggie Miller
- Google's Project Zero team uncovers ‘sustained’ hack on Apple iOS devices Inquirer · Chris Merriman
- Google lays out iOS malware exploits found in the wild, but already patched by Apple back in February The Loop · Dave Mark
- Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed MacRumors · Mitchel Broussard
- How to protect yourself against the latest big iPhone security scare (Updated) Apple Must · Jonny Evans
- Hackers used malicious websites to hack iPhones: Passwords, photos, chats, live location exposed International Business Times · Sami Khan
- Google's Project Zero details ‘indiscriminate’ hacking campaign against thousands of iPhones CyberScoop · Jeff Stone
- Google has discovered malicious websites targeting iPhone users Gizchina · Abdullah
- Google says iPhone security holes went unnoticed for 2 years Cult of Mac · David Pierini
- Google finds evidence of attempted mass iPhone hack CNN · Rishi Iyengar
- MAGA: Making Android Great Again? Beyond Search · Stephen E. Arnold
- Hacking Attack Could Have Compromised Hundreds Of Thousands Of iPhones PYMNTS.com
- Google discovered websites that could hack your iPhone just by visiting them Fast Company · Michael Grothaus
- Google exposes massive iPhone hacking operation Telecoms.com · Scott Bicheno
- iPhone exploits in hacked websites went unnoticed for years AppleInsider · Mikey Campbell
- These malicious website exploits targeted iPhone users for years MacDailyNews
- Google researchers found a bunch of malicious sites that quietly hacked iPhones for years Business Insider · Isobel Asher Hamilton
- Google researchers found an iOS security hole was left open for years Pocket-lint · Dan Grabham
- Google says iPhone security flaws let websites hack away for years CNET · Alfred Ng
- Google says older iPhones have a security flaw. Here's how to protect yourself Digital Trends · Mark Jansen
- Google security researcher warns that hackers are using malicious websites to exploit iOS flaws and monitor iPhone users BetaNews · Mark Wyciślik-Wilson
- Google uncovers exploit-laden websites that stole data from iPhones Engadget · Mariella Moon
- Google finds malicious sites pushing iOS exploits for years ZDNet · Catalin Cimpanu
- Google Finds Massive iPhone Vulnerability that Was Exploited for Years Softpedia News · Silviu Stahie
- Thousands of Fully Patched iPhones Exploited for Years, says Google - Who Is the Sophisticated Mystery Attacker? Computer Business Review · Ed Targett
- Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years The Hacker News · Swati Khandelwal
- Google researchers found mass iPhone hack attempt Seeking Alpha · Brandy Betz
- Google researchers reveal data-stealing, web-based iPhone exploit that was active for years The Next Web · Ravie Lakshmanan
- Google warns about two iOS zero-days ‘exploited in the wild’ ZDNet · Catalin Cimpanu
- Google's Project Zero Team Details Malicious Websites That Hacked iPhones for Years iPhone Hacks · Rajesh Pandey
- Hacked sites attacked thousands of iPhones every week for years using undiscovered exploits Mashable · Caitlin Welsh
- Here's Why You Should Update to iOS 12.1.4 Right Now (It's Not the Spy Bug) iDrop News · Mike Peterson
- Google researcher says iOS 12.1.4 fixes two zero-day vulnerabilities that ‘were exploited in the wild’ 9to5Mac · Chance Miller
Discussion
- Jonathan Zittrain (@zittrain) on X: Apple iOS has been considered the most secure smartphone OS. Disconcerting that flaws could be strung together not only to own the phone, but to do it in bulk for all users visiting a compromised/ing web site. https://twitter.com/... https://twitter.com/...
- Kenneth Geers (@kennethgeers) on X: Strategic iOS Attack —> “rare and intricate chains of code exploited a total of 14 security flaws” https://www.wired.com/...
- Lily Hay Newman (@lilyhnewman) on X: not to be _dramatic_ but this actually does change everything https://www.wired.com/...
- Rob Pegoraro (@robpegoraro) on X: As you read this, don't forget how often various government types have complained that our mobile devices are now too secure for them to investigate crimes. https://twitter.com/...
- @motherboard on X: Thousands of iPhones per week have been indiscriminately hacked for YEARS and no one knew: https://www.vice.com/...
- Malte Ubl (@cramforce) on X: If Apple allowed browser engine diversity on iOS, then fewer than 100% of iOS users would have been vulnerable over this 2 year period https://www.washingtonpost.com/ ...
- Alex Stamos (@alexstamos) on X: Many things to learn from this incident, but one is the safety cost of anti-competitive iOS App Store policies. Chrome/Brave/Firefox are required to use the default WebKit/JS. If Apple isn't going to put in the work necessary to protect users then they should let others do so. ht…
- Eric Geller (@ericgeller) on X: You were very likely not hacked by this. The infected websites received very little traffic, Google said. The news is mostly significant because of how rare iOS zero-days are and because this campaign was indiscriminate, not targeted, raising questions about who did it and why.
- Alex Stamos (@alexstamos) on X: It's darkly ironic that Apple is the company that is demonstrating the end point of late-90's fears about Microsoft. ✅Rent seeking via platform control. ✅Content moderation on behalf of autocracies ✅Risk of software monoculture[1] [1] http://blough.ece.gatech.edu/ ...
- Jake Williams (@malwarejake) on X: This, plus a hardcoded HTTP IP address is amateur hour. Contrast that with multiple exploit chains and sandbox escapes and it sure sounds like a group with tons of money to buy exploits and little operational experience. So many thoughts right now... https://googleprojectzero.blo…
- Rat King (@mikeisaac) on X: can someone tell me the rationale of google disclosing all this info but not identifying the sites? is it in fear of drawing people to them? https://www.wired.com/...
- Martijn Grooten (@martijn_grooten) on X: There's a lot to say about the iPhone watering hole attacks, but if you work with vulnerable groups in China this, and the fact that P0 talked about “entire populations”, means you should take extra notice of what happened https://googleprojectzero.blogspot.com/ ... https://googl…
- Stephen Shankland (@stshank) on X: A dig from a Googler about Apple's ostensibly security-minded (in part) reason for allowing only its own browser engine on iOS & iPadOS. (Chrome, Firefox, etc. are available on iOS, but unlike on MacOS, Windows, Android, are required to use Apple's WebKit browser engine.) https:/…
- Rich Mogull (@rmogull) on X: I'm trying to decide if learning of indiscriminate iOS zero day attacks in the wild is just incredibly concerning, or the biggest iOS security news since the launch of the platform: https://googleprojectzero.blogspot.com/ ...
- Alex Stamos (@alexstamos) on X: Remember how everybody lost their mind over Microsoft Palladium? At the time, “huge corporation will use hardware-rooted DRM to censor content choices by end users” seemed the worst-case scenario. That is literally the impact of Apple's DRM in China. https://epic.org/... https://…
- Rene Ritchie (@reneritchie) on X: Terrific drill-down on a web-based iOS exploit chain. But, I can't find any info on what kind of sites were being used? If they were a tiny cluster in a remote region vs. major multinational, it's a very different threat level. https://googleprojectzero.blogspot.com/ ...
- Alex Hern (@alexhern) on X: As this has filtered from the security community to the mainstream, something's been lost in translation, so I want to be explicit: this is not an aggressive move by Google, and it's not part of the wider conflict between the two companies. https://www.theguardian.com/ ...
- Eric Geller (@ericgeller) on X: HUGE mobile security news: Google found malicious websites indiscriminately hacking iPhones using at least 5 separate exploit chains w/ *14* individual 0days. https://googleprojectzero.blogspot.com/ ... This is like finding a live colossal squid at the beach. Just *one* iOS 0day …
- Arrigo Triulzi (@cynicalsecurity) on X: All I am going to say about the iOS exploit chains write up by Project Zero is: “Bloody Hell!”. In the most profound British understatement tone I can muster. https://googleprojectzero.blogspot.com/ ...
- Savic Ali (@savicali) on X: Privacy is an illusion in digital world. https://twitter.com/...
- Lukasz Olejnik (@lukolejnik) on X: The implant was used to steal location data and files like databases of WhatsApp, Telegram, iMessage. So all the user messages, or emails. Copies of contacts, photos, https://googleprojectzero.blogspot.com/ ... https://twitter.com/...
- Costin Raiu (@craiu) on X: So, people with access to big chunks of network traffic should probably scout for HTTP POSTs to “/list/suc?name=”. https://googleprojectzero.blogspot.com/ ...
- Alex Stamos (@alexstamos) on X: This is a huge find by Google's team. Attribution for these sites is going to be critical to understanding what impact they might have had. https://twitter.com/...
- @malwaretechblog on X: This is wild. A group were using hacked websites to indiscriminately exploit iPhones using zero day exploits, and somehow went unnoticed for years. https://googleprojectzero.blogspot.com/ ...
- Jason Koebler (@jason_koebler) on X: this is crazy crazy crazy crazy crazy. Upends everything I thought I knew about iPhone security. https://www.vice.com/...
- Daniel Sinclair (@_danielsinclair) on X: Wow. This Project Zero discovery is insane. Some unnamed entity (obviously a government) had 7 Safari 0-days that have been quietly compromising iPhones for years — all the way back to iOS 10. Anyone who visited these unnamed sites were sunk. https://googleprojectzero.blogspot.co…
- @da_667 on X: the iOS 0-day/implant that google TAG found just really goes to show you why there is such a big market for iOS 0-days. With the right exposure, it's intelligence goldmine that reaps massive dividends.
- Patrick Howell O'Neill (@howelloneill) on X: Google's Threat Analysis Group found hacked sites being used in watering hole attacks using five distinct iPhone 0-day exploit chains. The websites had thousands of visitors per week. Project Zero's analysis starts here: https://googleprojectzero.blogspot.com/ ...