iPhone users on alert as hacking attack uncovered – Independent.ie


The problem may have affected thousands of Irish and European iPhones over the past three years.

The flaw, which involved iPhone users’ personal details being made available to hackers through infected websites, was discovered by a Google security team, which notified Apple in February.

Apple patched the vulnerability soon afterwards. But security researchers say the infected websites, which were not disclosed, were visited thousands of times each week by iPhone users.

Irish Data Protection authorities say there has been no contact with Apple over the hacking incident, which has initially been assessed as a security issue rather than a data breach.

A spokesman for Helen Dixon’s office said that the Irish data regulator was examining the issue before proceeding further.

The hack involved malware which was uploaded to a small number of sites and was designed to specifically infect iPhones.

Just visiting the websites from an iPhone’s web browser was enough to infect the handset.

Once infected, sensitive information such as personal conversations, passwords and location data were at risk, according to the Google security researchers. Users’ apps, including Instagram, WhatsApp and Gmail, were also potentially accessible.

“There was no target discrimination,” said Ian Beer of Google’s Project Zero group, which unearthed the problem.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”

Mr Beer said most of the security flaws were found within Safari, the default web browser on Apple devices.

READ  Drive.ai is reportedly shutting down after deal with Apple falls through - The Verge

Operating systems from iOS 10 to iOS 12, installed on most iPhones over the past three years, were targeted in the hack.

Users should check their device is running the most up-to-date version of iOS in order to ensure they are protected from the flaw.

They can test their software version by going to the Settings app on their device, selecting General and then tapping on the Software Update option.

Any required updates will then be displayed here, which users can select to install.

The most recent update currently available is iOS 12.4.1.

Mr Beer warned that while the implant is not saved on Apple devices, it can again provide access to hackers when the owner visits a “compromised site”.

“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device,” he said.

Apple’s iOS is considered one of the most secure systems available because both it and the devices it runs on are built and managed by Apple, with little chance for gaps to appear between hardware and software that could be exploited by hackers.

The general security of the technology giant’s devices has also previously placed it at odds with intelligence services in the US and UK.

Authorities in both countries have put pressure on Apple to provide a “back door” into iPhones to help them fight crime and terrorism.

Apple has refused to do so, citing security and privacy concerns for its customers.

READ  Facebook’s future: Is social media giant’s days numbered? - NEWS.com.au

The security issue comes 10 days before Apple unveils its newest range of iPhones.

On September 10, the company is expected to announce three new iPhones, as well as new iPads and a new MacBook Pro laptop.

Irish Independent





READ SOURCE

LEAVE A REPLY

Please enter your comment!
Please enter your name here