Massive iPhone Hack Compromised Thousands of Phones

Hackers were able to break into thousands of iPhones by combining a number of iOS vulnerabilities, Google’s Project Zero security project revealed late Thursday. The hack was carried out via dedicated websites; simply visiting those sites with an iPhone or iPad could result in hackers installing malware on those devices, which they could then use to steal contacts, passwords and other sensitive information.

It’s unclear exactly how many devices were affected by the hack, but the number of potential victims could be high. “We estimate that these sites receive thousands of visitors per week,” wrote Project Zero team member Ian Beer in a blog post Thursday evening.

Apple didn’t immediately respond to a request for comment Friday.

The websites used to attack iPhones had been up since 2017, and Beer wrote that the exploits his group found were capable of breaking into devices running anything from iOS 10 to iOS 12. Google’s security researchers didn’t discover the attack until earlier this year. Before making their findings public, they informed Apple, which closed the vulnerabilities with the release of iOS update 12.1.4 in February.

Google did not share details about the sites in question this week, but the wording of Beer’s blog post suggests that they were designed to target specific groups of users, perhaps ethnic minorities, or opposition groups in a specific country. The specifics of the hack “indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” Beer wrote.

Apple’s iPhone has long been seen as the most secure choice for end users; the fact that the company controls both hardware and software has helped it to more quickly respond to threats, and restrictions on installing apps from third-party sources have made it harder to trick users into opening up their devices to prying eyes.

However, news of this massive hack shows that no device is ever 100% secure, and that determined adversaries can always find a way to circumvent security measures. Beer noted as much in his blog post, and cautioned users who might be at risk to never completely trust their devices to be secure, no matter the manufacturer:

“Real users make risk decisions based on the public perception of the security of these devices,” he wrote. “The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
