Blocking ads removes funding from us!
Researching and writing articles takes a lot of time. Operating our infrastructure costs money.
All of this is funded with advertising revenue.
We don't like advertising either - that's why we avoid annoying banners and pop-ups.
Please give us a chance and deactivate your adblocker!
Alternatively, you can support us here voluntarily.
Language:  Deutsch English (Beta)

Follow us:

iOS vulnerability: Hackers have been able to spy on iPhone users for years

iOS
Picture: TechnikNews/Screenshot
(Post picture: © 2018 TechnikNews/Screenshot)

Google's security team Project Zero has uncovered what is arguably the worst iOS vulnerability in years. This enabled hackers to spy on users for years via malicious code smuggled into websites.

For years, strangers could simply read iPhone chats from users, like Wired currently reported. We had a similar case already in May, where private chats from iPhone users could be read through a WhatsApp gap. But that's not all: real-time location tracking of the iPhone and retrieval of files, photos, contacts and passwords in the "keychain". proeasily possible. By accessing the message databases of various messengers, chats in iMessage, WhatsApp and Telegram could be read. The gap existed in several "levels" of the iOS software - therefore to be classified as quite critical.

iOS security mechanisms simply bypassed - infected by surfing the Internet

In every modern operating system we find so-called "sandboxes", which allow content in the browser, apps and other applications to run in a separate area. This means that harmful content cannot “break out” of this area and damage other things in the operating system. But there was a loophole here, which enabled profound access to the Apple operating system. You could become infected by simply visiting an infected website on the Internet. After restarting the iPhone, however, the ghost was over again - then you had to call up the page again to be infected again with the monitoring software.

It is not known exactly which websites were affected and on which this malicious code was smuggled.

iOS vulnerability: These iPhone users are exactly affected

The Google Security team reported the vulnerability to Apple on February 1, 2019 with a 7-day deadline. On February 7th, Apple responded directly and released an update to iOS 12.1.4. Nevertheless, looking back a few years ago, hackers were able to access users' data - the vulnerability has existed since the first version of iOS 10. It was released on September 13, 2016. It cannot be found out whether you were attacked or spied on.

In short: if you use a newer iOS version than iOS 12.1.4, you are no longer vulnerable.

iOS Vulnerability Affected Versions

The gap existed from September 13, 2016 to at least February 7, 2019. (Image: Google/Proproject zero)

This is how Google tracked down the hackers - is there a state behind it?

Security researchers currently assume that the attacker is a state. So they probably bought security gaps and tried to spy on users on a large scale. This suspicion is corroborated if one takes a closer look at the code of the attack. There you will find some errors in the camouflage for the transmission of the tapped data. For example, the IP address of the server to which the data was sent was obviously anchored in the code. In addition, all data was sent unencrypted to this server. On the other hand, the attacker could not have cared who was reading and who did it.

It is not clear which IP address that was and in which region the server was located. The security team has not provided any information about this. It is possible that this information will be submitted at a later point in time after Apple has also commented on it.

More information about the iOS security vulnerability

Find interested people in the security blog from Google further information on the gap, which would be too complicated to explain in this article. The exact procedure and further details are also described there. Apple has not yet commented on the iOS security vulnerability.

Recommendations for you

>> Support us by purchasing from Amazon <

Lars Matt

Lars is a casual blogger here on TechnikNews. Nevertheless, he finds time for an article about technology almost every month - he is enthusiastic about the latest smartphones and gadgets arouse his interest.

Lars has already written 90 articles and left 18 comments.

Web
Mail: lars.matt | at |techniknews.net | please NOT for general inquiries, cooperations! This way: Contact
guest
Your name, which will be shown publicly.
We will not publish your email address.
0 Comments
Inline feedback
View all comments