Washington – Google's external security researchers have discovered an unprecedented hacking operation in which thousands of users fell victim to attacks each week until the team in charge of Apple device security managed to disable them.
The Guardian newspaper reported Friday that the operation, which lasted two and a half years, was carried out through a small group of websites that downloaded malicious software onto iPhones.
Hackers were able to compromise devices as soon as users visited these malware-laden sites, which received thousands of hits per week; no user interaction was necessary to infect the phones.
Some programs have been able to penetrate a developer's phone to counter this type of practice. The security vulnerabilities affect all versions of the operating system from iOS 10 to iOS 12.
Google's security investigators say the malicious websites can secretly attack a victim's iPhone when it visits them, exploiting a set of software flaws that had not been disclosed before.
If the phone is hacked, the user's secrets are in the hands of the attackers, who are able to know its location every minute. The software also allows them to download all passwords stored on compromised devices, as well as images and user messages available in applications such as WhatsApp and Telegram. Hackers have access to victims' phone numbers and their data on Gmail.
According to a message posted by the Google security team, this problem could be one of the biggest attacks ever perpetrated against iPhone users.
Fortunately, this malicious software does not stay on the device after it restarts unless the user returns to the dangerous sites.
But given the amount of information stolen, attackers could still infiltrate various accounts and services using the passwords they collected, even after losing access to the device, said Ian Beer, a security researcher at Google.
Beer is part of the Project Zero team, which specializes in infiltration at Google. The goal of this team is to identify security vulnerabilities in available technologies, regardless of the producer. The team has aroused controversy because of its uncompromising policy: after 90 days, it publishes the details of its findings, even if the party concerned has not yet fixed the flaw.
Attackers used 14 flaws to attack the iOS operating system. A series of related flaws allowed hackers to move from one to the next, increasing the severity of their attack. This allowed attackers to gain root access to the device, the highest level of access on the iPhone.
Beer said the campaign was dangerous and the group was able to discover and disrupt it. But he expects that other operations remain undetected. "Users cannot do anything to stop these attacks. However, they must recognize the existence of these processes and act accordingly. In addition to treating their devices as an essential part of their modern lives, they must also keep in mind the ability of hackers to exploit them to download and use all their data against them."
On February 1, Google informed Apple of the problem, giving it a maximum of seven days to fix the vulnerabilities, instead of the 90 days normally given to developers to fix security vulnerabilities, indicating the severity of the vulnerabilities.
Apple then released a fix, revealing Google's results in an accompanying support document.
Ian Beer was unable to determine who was behind the attack or what the malware was worth on the black market, noting that similar software could be sold for millions of dollars until it is discovered and fixed.
The news comes less than a month after Apple announced a huge reward for those who can find ways to penetrate its computer and smartphone systems.
Apple has offered up to $1 million in rewards for flaws found in the iPhone, the biggest bounty offered by a company to protect itself from hackers.
The company said at the annual "Black Hat" conference on Internet security in Las Vegas that it would open the program to researchers, add the Mac and other targets to it, and offer a range of rewards, called "bounties", for the most important findings.
The one-million-dollar prize will be awarded only to those who find a vulnerability allowing remote access to the iPhone's operating system without any action by the phone's user.
The previous major award from Apple was $200,000 for those who reported flaws that could be corrected by software updates so that users would not be exposed to criminals and spies.
Apple's interest in detecting shortcomings in its devices stems from the fact that certain features of these devices can be exploited to access "a number of sensitive data," according to the website Ars Technica.
Apple makes it easy to locate lost devices and share Wi-Fi passwords, and AirDrop allows files to be shared between nearby devices. However, a recent report revealed that these features can be used to access large amounts of potentially sensitive data.
According to the report, the operation of Bluetooth, for example, provides important information about the quality of the phone, the operating system and the type of battery, adding that "the 'pawns' can also be used by hackers to reach the phone number."
The research, done by the security company Hexway, indicates that these data may not seem very important, but that exploiting them in the right way can cause many problems for the owner of the phone.
In 2018, Apple tightened privacy standards by limiting the number of developers and preventing them from exploiting users' personal data.
Earlier, a spokeswoman for Apple said, "We want to protect the privacy and security of our users, and we are working to ensure that our features do not threaten their security."
Government contractors and intermediaries pay up to $2 million for the most effective intrusion techniques, in order to obtain information from agencies.