Hackers have been using compromised websites to install “monitoring implants” in iPhones for years, according to researchers at Google.
The malicious software gathers users’ images, contacts and other information.
Ian Beer, from Google’s Project Zero, said in a blog post that the hacked sites had received thousands of visitors each week.
Mr Beer said: “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, to install a monitoring implant.”
Project Zero is the technology company’s team for examining new security vulnerabilities.
Mr Beer said most of the security flaws were found within Safari, the default web browser on Apple devices.
Operating systems from iOS 10 to iOS 12 were targeted in the hack, which was able to access users’ apps including Instagram, WhatsApp and Gmail.
Google said it reported the security issues to Apple on February 1.
Apple then released an operating system update on February 7.
iPhone users should check their device is running the most up-to-date version of iOS in order to ensure they are protected from the flaw.
Users can check their software version by going to the Settings app on their device, selecting General and then tapping on the Software Update option.
Any required updates will be displayed there, and users can select them to install.
The most recent update currently available is iOS 12.4.1.
Mr Beer warned that while the implant is not saved on Apple devices, it can again provide access to hackers when the owner visits a “compromised site”.
“Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device,” he said.
Apple did not immediately respond to a request for comment.
Apple’s iOS is considered one of the most secure operating systems available because both it and the devices it runs on are built and managed by Apple – with little chance for gaps to appear between hardware and software that could be exploited by hackers.
The general security of the technology giant’s devices has also previously placed it at odds with intelligence services in the US.
Apple was involved in a stand-off with the FBI in 2016 over access to the phone of a terror suspect in the San Bernardino shooting in California.
The FBI had asked Apple to create a software “back-door” to get around the phone’s security settings and access data on the suspect’s iPhone, but the tech firm refused.
Apple argued that overall user privacy was paramount and that creating a back-door to its software could place all iPhone users at risk should the tool ever fall into the wrong hands.