Google researchers revealed that they’d discovered hacker websites which targeted flaws in iPhones. This particular attack could be one of the most significant cyberattacks on iPhone users ever.
Motherboard, the tech team within the Vice website, reported the story following a blog post by the Project Zero team at Google, stating that the hacked sites in question ‘were operational for years’. That could have resulted in countless iPhone users having their details shared unknowingly, with the attacks making use of ‘zero-day exploits’.
The Verge states that the attack could have targeted iPhone users’ keychain, which could potentially grant hackers access to databases related to messaging services. The apps exposed to unauthorised access include WhatsApp and Apple’s iMessage system, both of which boast end-to-end encryption for extra security.
Typically, iPhone security attacks are made by directly targeting users via a message linking to a compromised website. This attack is different in that the hacked sites require only a simple visit for an iPhone user to become a victim. Researchers from Google claim that the websites in question could have drawn thousands of visitors weekly.
Google contacted Apple about the issue earlier this year and gave them just a week to release a patch to secure devices. TechCrunch reported that this timeframe showed the seriousness of the problem, with the standard protocol for a fix often being timed at 90 days. Apple released a fix for the majority of devices within the seven days via a software update.
How can users secure their iPhone?
Apple iPhones have long been considered one of the most secure devices on the mobile, tablet and computer market. However, they are not immune to issues, as shown with this latest report.
Thankfully, there are several ways iPhone users can protect themselves from this attack.
1. Update Apple software
The researchers from Google state that the attack affected versions 10 through 12 of iOS, the operating system used by Apple on its mobile devices. After Google shared its information with its rival, Apple issued a fix in the form of an iOS update just six days later.
Updating to the latest iOS is the simplest way to protect your iPhone. By doing this, iPhone users’ data will be kept safe.
2. Resetting affected iPhones
Due to the nature of the attack, Google revealed that a simple reboot (the classic “turn it off and back on again”) of an infected iPhone would wipe the malware.
However, the phone is still vulnerable to the hack if the device is used to visit an affected site in future.
3. Visit only secure websites
Another way to ensure that an iPhone does not fall victim to this attack is to visit only secure websites. Because only the hacked sites compromise devices, users who avoid them cannot have their iPhone fall victim to the issue.
Of course, there is no way to know which sites are affected should future attacks like this arise.
Are iPhones secure?
Despite this recent attack, iPhones are still one of the most secure devices in the commercial market, with Apple highlighting how seriously it takes security on numerous occasions.
As reported by Business Insider, Apple has also made some ‘major changes’ to its bug bounty program to help keep its devices secure.
This program is designed to protect devices by offering rewards to those who can perform an attack on their devices without any user input. Anyone who can successfully gain full access to one of Apple’s iPhones, bypassing any security systems in place, could be eligible for the reward. The reward has risen from $200,000 at the beginning of the program to $1m.
All devices, regardless of their manufacturer, are often most vulnerable upon the release of significant updates. This is because of exploits that appear on the release of new software, referred to as ‘zero-day exploits’.
Zero-day exploits are most worrying for users because hackers may find a flaw which has yet to be spotted by developers. This is why some users wait to run software updates: any exploits are patched quickly once revealed, allowing them to update with peace of mind.
Beta versions of software are also used widely ahead of a full launch to spot and fix flaws, as well as giving users the option of trying out new software. Either way, users can rest easy in the knowledge that companies like Apple are doing their best to secure devices.
Making sure you have the most up-to-date vulnerability fixes is part of the Cyber Essentials certification. Contact OmniCyber today to find out how our expert team can help your organisation to achieve Cyber Essentials.