Hackers Had Access To Apple Devices For More Than Two Years

Apple devices

Apple devices:


Affected were owners of iPhones and iPads, who called a groomed website. The malware was able to read the location, photos and even private chats.

Hackers apparently had access to smartphones and tablets from Apple for an extended period. It became known through eight blog posts published by Google researcher Ian Beer during the night from Thursday to Friday.

Beer is part of the Project Zero team, which wants to find security holes before they can be exploited by criminals.

Many questions are still open. But one thing is clear: Google's security researchers have revealed one of the most serious attacks on iPhone users that has ever existed.

What happened?


For over two years unknown hackers exploited several vulnerabilities and infected Apple devices with malware.

It was enough to visit a specially prepared website, then the spy program nested unnoticed into the system and turned the iPhone or iPad into a bug.

The attackers took advantage of 14 different security holes. With five so-called exploit chains, they perforated one security layer after the other.

This allowed the malware to leverage all the protections of the browser and Apple's iOS operating system and work its way to the kernel, the lowest layer of the system.

This gave the attackers almost complete control over the device. The vulnerabilities have been actively exploited since at least the beginning of 2017, possibly even longer.

During this period, all users who called up one of the bait websites were affected. Allegedly there should have been thousands of visits a week. Regular updates did not help: all versions of iOS 10 through 12 were vulnerable.

Is the gap still open?

No. Apple closed the vulnerabilities on February 7, 2019, with the update to iOS 12.1.4, a week after the Google hint was received.

So there is no acute danger. Users who have updated their device since February are protected - at least against this attack.

What data could the attackers see?

Who controls the kernel has the power. The attackers were able to let off steam on the infected devices at will.

The malware logged the location in real-time, had access to photos, contacts, and all other documents, and was able to read data stored by apps.

This also affected messengers like Signal, Telegram or Whatsapp: their end-to-end encryption remained intact,

but the hackers still saw the chat history in plain language because they tapped the messages before they were encrypted.

Even Apple's keychain was open to attackers. They were able to access passwords, credit card details, supposedly secure notes and other important information.

In theory, a reboot helped to get rid of the malware. But most users rarely turn off their iPhone, and since there was no outward sign of the infection, they had no reason to do so.

Who is behind the attack?

That's one of the many open questions. The Google researchers do not name the infected websites, nor reveal details about the attackers.

However, the blog entry contains hints: Humans could have been targeted by hackers because they were born in a particular region or are part of a particular ethnic group.

The vulnerabilities would have enabled targeted monitoring of an entire group. Therefore, several security researchers who comment on Twitter suspect that a state group behind it.

Since the attackers have read many apps that are widely used in China, there are theories about a targeted espionage reaction against dissidents and Chinese minorities.

Evidence does not exist for that, theoretically, just as well ordinary criminals could be behind it.  However, the hackers' enormous technical abilities indicate that there were professionals at work who want more than just money.

In that case, they could have sold their knowledge for tens of millions of dollars instead of using the vulnerabilities themselves. On the black market for security gaps, such entrance gates are very popular.

Why is the excitement so big?

Every day, any security vulnerabilities are known. Often they endanger many millions of people, sometimes they are still open and can be exploited.

In contrast, this attack is secondary: a weak spot that has been closed for half a year, a few tens of thousands affected, no acute threat situation.

But there is one crucial difference: Apple. Vulnerabilities that can be spied on by iPhone users are rare. Apple's devices are considered safe.

If anything, attackers have so far succeeded in targeting individual users. In this case, the attackers targeted not just one victim, but thousands or tens of thousands of people at once.

Are iPhones unsure now?

The clear lead that Apple once had in terms of security has shrunk. On one hand, Microsoft and Google have caught up: Windows 10 and current versions of Android are much safer than the operating systems a few years ago.

On the other hand, in recent months, several vulnerabilities in iPhones and iMacs have become known that scratch Apple's reputation.

There are three reasons: First, there are nearly one and a half billion active Apple devices. Previously, the number of Apple users was significantly lower than that of Windows users.

In the meantime, ordinary criminals are more likely to attack iPhones and iMacs as well. Second, people who know they may be potentially at risk often use iPhones.

This is true for politicians, investigative journalists or dissidents. Therefore, security holes that make successful attacks worth so much - and so many criminal hackers are trying to find vulnerabilities.

Third, Apple has made mistakes. The newer iOS versions contain many new features, the focus on absolute stability and security was sometimes lost.

Nevertheless, iPhones are still among the safest smartphones. Unlike most Android devices, they get updates for years.

When Apple detects a vulnerability, it usually closes quickly. One of the most important things for users is: install updates immediately.

******

Post a Comment

0 Comments

close