A seriously concerning security flaw has been discovered which has reportedly allowed hackers to covertly put so-called monitoring implants in iPhones.
The vulnerability is said to have been discovered in January 2019, with Apple releasing a security patch in February 2019. It’s understood that Google’s external ‘white hat’ security team, known as Project Zero, are responsible for identifying the flaw.
There may be thousands upon thousands of people whose phones have been compromised in a way that could allow hackers to have had access to a disturbing wealth of information.
Thousands could be affected by monitoring implants in iPhones
It’s understood that thousands of users per week may have fallen victim to the security flaw that’s said to be able to allow hackers to install monitoring implants in iPhones.
All victims had to do was visit one of a number of hacked websites, and that’s it. No interaction was required by the unfortunate visitors, who can be affected by merely visiting a hacked website alone.
This mass operation to steal information may have been ongoing for over two and a half years. Because users only had to visit hacked websites without any further interaction, it’s hard to determine the extent of users who could have been affected. Further, people would not have been aware that their devices could have been compromised.
What data has been compromised?
The sheer wealth and sensitivity of the data that may have been exposed by hackers installing so-called monitoring implants in iPhones is frightening.
So far, we know that the vulnerability could have allowed for the following to have been comprised:
- Location data – which can be updated every minute;
- Passwords;
- Photos;
- Chat and message histories, including those on platforms like WhatsApp;
- App info;
- Contact lists.
This kind of data in the wrong hands could be used for all sorts: from blackmail, to fraud, and to breaking into other accounts. There may well be a treasure trove of data out there that could be used at any time by criminals, and all or parts of the data could easily be sold on the dark web.
It’s also understood that there were a number of ways that hackers could use vulnerabilities in order to compromise more and more data. With most people living so much of their lives through their phones, news that hackers have been able to effectively and covertly install these monitoring implants in iPhones is an unprecedented attack.
News of this vulerbaibltiy doesn’t come as much of a surprise to us. A number of the group and multi-party actions we’re fighting for justice in involve hackers using security flaws to steal data.
We’ll continue to track developments in this breaking story.