Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
2-min read

Biggest iPhone Hack in History Changes Many Notions Surrounding iOS Security

Disclosed by Google on its Project Zero blog, the iOS exploit chain just showed us that hacking iPhones by the bulk is, after all, not a difficult and expensive piece of engineering.

Shouvik Das | News18.com@distantvicinity

Updated:August 30, 2019, 9:12 PM IST
facebookTwitterskypewhatsapp
Biggest iPhone Hack in History Changes Many Notions Surrounding iOS Security
Representative image.
Loading...

Earlier yesterday, security research Ian Beer of Google's Project Zero revealed what likely is the biggest iPhone hacking manoeuvre is history. While discovering cyber breaches are no longer a rarity, what is startling is that the hacking project in question could, with relative ease and even a surprising amount of negligence, completely destroy the myth around the security potential of iPhones and Apple's iOS.

The breach in question was discovered by Google's Threat Analysis Group (TAG), which discovered a collection of hacked websites being used to indiscriminately spread targeted malware at intended victims — iOS users who were drawn to these sites from some malicious loop or a misleading link. These malware laden websites did not even require user to take action, and simply visiting a website was enough for the malware to target iPhones covering almost every version from iOS 10 to iOS 12.1.3. Once targeted, the malware would try installing itself into the iPhone, and if successful, initiate a monitoring implant that could be used to tap into conversations (even those that use local decryption), banking transactions and other sensitive data, potentially without any knowledge or suspicion of the device owner.

The widespread risk was patched by Apple in its iOS 12.1.4, which contained an elaborate changelog that described a security patch for a vulnerability through elevated software privileges. Beer and his TAG team discovered five individual exploit chains in iOS being targeted by these websites, which attacked 14 vulnerabilities in total — including kernel-level exploits. What this essentially means is that for a considerable period of time, iOS users were exposed to a not-so-rare or targeted threat (the fake websites received thousands of visitors each week) that could have given the control of the entire iPhone over to the hands of the attacker.

So far, common knowledge stated that while hacking into an iOS device was not entirely impossible, doing so required a sizeable amount of resources, making it impractical for mass targets. It is this very notion that made iOS significantly more secure, but the newly discovered vulnerability, which The Wired pegs as a possible state-sponsored surveillance mission by an unnamed nation, completely removes that notion. To add to the woes, this particular project was not particularly refined either, leaving gaping loopholes that allowed the tracking of the remote attacker IPs, and changelogs of the malware in order to track down their exact features. In a far more sophisticated attack, such a tool could have spelt devastation in the iOS community.

This particular vulnerability in question has since been patched by Apple earlier this year. However, with the nature of cyber crime evolving constantly, one may never tell for sure where the next attack might rise from.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: ---
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results