×
You will be redirected back to your article in seconds

Massive iPhone Hack Compromised Thousands of Phones

Hackers were able to break into thousands of iPhones by combining a number of iOS vulnerabilities, Google’s Project Zero security project revealed late Thursday. The hack was carried out via dedicated websites; simply visiting those sites with an iPhone or iPad could result in hackers installing malware on those devices, which they could then use to steal contacts, passwords and other sensitive information.

It’s unclear how many devices were exactly affected by the hack, but the number of potential victims could be high. “We estimate that these sites receive thousands of visitors per week,” wrote Project Zero team member Ian Beer in a blog post Thursday evening.

Apple didn’t immediately respond to a request for comment Friday.

The websites in question used to attack iPhones were up since 2017, and Beer wrote that the exploits his group found were capable of breaking into devices running anything from iOS 10 to iOS 12. Google’s security researchers didn’t discover the attack until earlier this year. Before making their findings public, they informed Apple, which closed the vulnerabilities with the release of iOS update 12.1.4 in February.

Google did not share details about the sites in question this week, but the wording of Beer’s blog post suggests that they were designed to target specific groups of users, perhaps ethnic minorities, or opposition groups in a specific country. The specifics of the hack “indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” Beer wrote.

Apple’s iPhone has long been seen as the most secure choice for end users; the fact that the company controls both hardware and software has helped it to more quickly respond to threats, and restrictions on installing apps from third-party sources have made it harder to trick users into opening up their devices to prying eyes.

However, news of this massive hack shows that no device is ever 100% secure, and that determined adversaries can always find a way to circumvent security measures. Beer noted as much in his blog post, and cautioned users who might be at risk to never completely trust their devices to be secure, no matter the manufacturer:

“Real users make risk decisions based on the public perception of the security of these devices,” he wrote. “The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”

Popular on Variety

More Digital

  • Elite Season 2

    San Sebastian: Spain’s SVOD Players Debate Competition, Brand, Talent

    SAN SEBASTIAN  — Executives from HBO, Netflix, Amazon and Movistar+ and “Elite” co-creator Darío Madrona took to the stage to field questions on the Global Impact of Spanish Series. Here, briefly, are five takeaways: 1.Spain First “La Casa de Papel” was watched by 34,355,956 Netflix accounts over its first seven days,  after a July 19 [...]

  • Tinder - Swipe Night

    Tinder's Apocalyptic 'Swipe Night' Interactive Dating Show Sets Release Date

    Tinder next month will bow its first original entertainment content — “Swipe Night,” an interactive adventure series in which viewers are forced to make dating choices on humanity’s last night on Earth. Variety previously reported details of the location-based social network/dating app service’s foray into original content, which recently wrapped production in Mexico City and [...]

  • Editorial Use onlyMandatory Credit: Photo by

    YouTube Rolls Back Verification Changes, Says Verified Creators Can Keep Their Badge

    A day after announcing significant changes to its verification program, YouTube announced Friday afternoon that it won’t be de-verifying existing creators after all. “We heard loud and clear how much the badge means to you,” said YouTube product manager Jonathan McPhie in a blog post. “Channels that already have the verification badge will now keep it [...]

  • BLive: BitTorrent Live Streaming App to

    BitTorrent to Launch Public Beta of New Live Streaming App

    BitTorrent is getting ready to open the floodgates for its new live streaming app, dubbed BitTorrent Live: The company plans to launch a BitTorrent Live Android app on various app stores as part of a public beta test late Friday, according to a spokesperson. BitTorrent Live, which is also known as BLive, is being described [...]

  • Netflix - Apple TV

    Netflix Stock Drops After CEO Acknowledges 'Tough Competition' Coming From Disney, Apple

    Netflix shares fell as much as 7% Friday to a nine-month low, coming after CEO Reed Hastings commented that the November launches of Disney Plus and Apple TV Plus will introduce a “whole new world” of competition. Hastings, speaking at the Royal Television Society conference Friday in Cambridge, England, said, “While we’ve been competing with [...]

  • Facebook

    Facebook Suspends Tens of Thousands of Apps During Privacy Investigation

    Facebook has suspended tens of thousands of apps ever since it began investigating potential privacy abuses, the company said Friday. The apps in question had been built by around 400 developers, and a suspension doesn’t necessarily indicate actual privacy violations. Facebook began combing through millions of apps that made use of its platform after the [...]

  • tivo logo

    Tivo Plans to Launch Android TV Dongle, Tivo+ Curation App

    DVR maker Tivo is getting ready to release a new device that may not record television at all: The company plans to launch a $50 Roku-like TV dongle early next year, its new CEO Dave Shull revealed in a conversation with CNN this week. The new device will be powered by Google’s Android TV platform, [...]

More From Our Brands

Access exclusive content