iPhones have been having 'monitoring implants' installed for years, Google researchers warn

Just visiting an affected website would be enough to be spied on

Andrew Griffin
Friday 30 August 2019 03:50 EDT
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California (Justin Sullivan/Getty Images)

Hackers have been installing "monitoring implants" in people's phones without their knowledge for years, Google experts have warned.

The exploit could be installed inside an iPhone simply by visiting an affected website, and would then give hackers access to a user's images, contacts and other information, the security researchers warned.

Thousands of people could have been hit each week and would not even know they had been affected by the exploit, according to security researcher Ian Beer, from Google's Project Zero.

Mr Beer said: "There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, to install a monitoring implant."

Project Zero is the technology company's team for examining new security vulnerabilities.

Mr Beer said most of the security flaws were found within Safari, the default web browser on Apple devices.

Operating systems from iOS 10 to iOS 12 were targeted in the hack, which was able to access users' apps including Instagram, WhatsApp and Gmail.

Google said it reported the security issues to Apple on February 1.

Apple then released an operating system update on February 7.

iPhone users should check their device is running the most up-to-date version of iOS in order to ensure they are protected from the flaw.

Users can check their software version by going to the Settings app on their device, selecting General and then tapping on the Software Update option.

Any required updates will then be displayed there, and users can select them to install.

The most recent update currently available is iOS 12.4.1.

Mr Beer warned that while the implant is not saved on Apple devices, it can again provide access to hackers when the owner visits a "compromised site".

"Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device," he said.

Apple did not immediately respond to a request for comment.

Apple's iOS is considered one of the most secure operating systems available because both it and the devices it runs on are built and managed by Apple - with little chance for gaps to appear between hardware and software that could be exploited by hackers.

The general security of the technology giant's devices has also previously placed it at odds with intelligence services in the US.

Apple was involved in a stand-off with the FBI in 2016 over access to the phone of a terror suspect in the San Bernardino shooting in California.

The FBI had asked Apple to create a software "back-door" to get around the phone's security settings and access data on the suspect's iPhone, but the tech firm refused.

Apple argued that overall user privacy was paramount and that creating a back-door to its software could place all iPhone users at risk should the tool ever fall into the wrong hands.

Additional reporting by Press Association
