[ad_1]
- Researchers at Google's Cybersecurity Division Project Zero discovered a handful of websites that were being used to hack iPhones.
- Once visited, the websites would have a "monitoring implant" on the device, which could then steal messages, photos, and real-time GPS rental data.
- The hacks spanned iOS 10 through 12, which Project Zero said they have taken place over the course of two years.
- Visit Business Insider's homepage for more stories.
Google researchers have found a handful of hacked websites that have been quietly used to infiltrate iPhones for at least two years.
Analysts at Google's Cybersecurity Project Zero Division published a deep-dive technical blog post Thursday night detailing their findings.
"There was no doubt that it was successful, but it was successful," said the researcher Ian Beer wrote in the blog. Once inside the iPhone, this implant has been able to steal messages, photos, and GPS rental data in real time.
Though the blog post did not say exactly how many of these websites they were. The hacks spanned iOS 10 through 12, which is said to be "heavy effort" to hack iPhones over a period of two years.
Read more: Apple accidentally reopened a security flaw that makes the iPhone vulnerable to hackers
The websites gained access to the iPhones through five methods, or "exploit chains." The researchers found 14 separate vulnerabilities that made these possible exploit chains. Seven of these vulnerabilities were found in Safari, the iPhone's default web browser.
The researchers told Apple about their findings in February and gave the company a seven-day deadline to fix the vulnerabilities. Six days later, Apple updated the security on iOS 12. Google gave Apple a much better time than usual.
Apple has a strong reputation for security and security – it's ready to shell out for bug bounties – $ 1 million.
Apple declined to comment by Business Insider.
[ad_2]
Source link