[German]Security researchers from Google's Project Zero have discovered a previously unknown group of hackers who have been attacking iPhones via compromised websites for years. Visiting those sites leaves a complex exploit chains of malicious code on Apple devices.
Earlier this year, Google's Threat Analysis Group (TAG) discovered a number of hacked websites. The hacked sites were used for indiscriminate attacks on 0-day exploits on visitors surfing to the site with an iPhone.
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12 (Ian Beer/Project Zero) https://t.co/ajfGIzfjKZ pic.twitter.com/zUTEcmFazA
— Jeremy Lozier (@jeremy_lozier) August 30, 2019
The above tweet points to this discovery, the security team has published this discovery in a blog post.
A visit to the hacked page infects the device
The hackers were not choosy in their choice of victims. A simple visit to the hacked website was enough for the exploit server to attack the iOS device being used. If it was successful, the cyber criminals installed a surveillance implant. The Google security team estimates that these sites have thousands of visitors per week and could infect them.
Five exploits, used for years
Google's TAG has detected five separate, complete and unique iPhone exploit chains that can attack almost any version of iOS 10 up to the latest version of iOS 12. This indicated that a hacker group is making sustained efforts to hack iPhone users in certain communities for at least two years.
The exploits discovered are quite complex and use exploit chains to exploit vulnerabilities in the kernel of Safari. In addition, there are several exploits to break out of sandboxes. In the event of a successful attack, the hackers then had complete control over what they could monitor and do on the iPhone. This allowed encrypted chats to be retrieved from WhatsApp, etc., contacts and photos to be retrieved, etc. In principle, all data could be read by the iPhone.
The development of the exploits must have cost millions of US dollars, which fuels speculation about the originators. Apple then responded to Google's tip on February 7, 2019 with an unscheduled update to iOS 12.1.4. Details about the exploits can be found in Project Zero's blog post.
Cookies helps to fund this blog: Cookie settings