Google security researchers have described a massive attack on iOS devices. Because of security flaws in the system, attackers could compromise any iPhone whose owner opened an infected site.
When a user opened the page, the attackers gained real-time access to that user's messages, files and geolocation. In addition, they could install a software implant that allowed them to bypass the keychain, which protects user passwords and logins on iOS and macOS.
Researchers contacted Apple immediately after discovering the problem in February 2019. The company was given seven days to fix it, although the usual period is 90 days. Apple closed the vulnerability on February 7 with the release of iOS 12.1.4; the same version fixed a bug that allowed eavesdropping on iOS users through FaceTime.
Researchers from Google said that “thousands of users” visited the infected sites every week. According to Motherboard, this could be the “largest” attack on the iPhone ever.
Journalists noted that by circumventing keychain protection, attackers could gain access to any data and certificates stored in the system, including the databases of encrypted instant messengers such as WhatsApp and iMessage. Correspondence was stored in the clear on the end device, so the attackers could read other people’s messages.
As Motherboard explained, the attack stands out for how indiscriminate it was. Usually, hackers send links to malicious sites to the specific people they want to hack, but in this case users only had to visit an infected resource to get an implant on their system.
The attackers’ implant was erased after each reboot of the device because of the way iOS works. But since the attackers circumvented keychain protection, they could obtain the authorization keys the keychain contained, which allowed them to maintain access to services and accounts for a long time even if the implant was removed.
In total, Google researchers found 14 vulnerabilities and five exploit chains that affected all devices running iOS versions 10 through 12. In their opinion, this means that the attackers had been trying to hack users for two years.
Researchers believe that even though these vulnerabilities have been fixed, the system still has security flaws that they did not find. According to them, the attackers “almost certainly” carried out other attacks that have yet to be found.