Your iPhone may have been hacked this past winter. That’s the disturbing news from a new study and blog site that is leaving the cell phone industry in an uproar.
Researchers working for Google on their zero-day liabilities told the media yesterday that a number of independent websites have infected iPhones for the past two years in a random pattern that puzzles investigators. It doesn’t appear that the hack is targeting any particular group of users — the victims are spread over a wide demographic with no distinguishing characteristics that might tie them together. These randomized sites have been hacking into thousands of iPhone users accounts every week since at least 2017.
This grouping of pirate websites is being called a hacking waterhole by internet experts and police authorities, who say the dozen or so sites were created to attract iPhone customers with free app come-ons, and then infect their phones after they clicked on certain icons. The Google TAG Team first discovered the threat when iPhone user private and protected information began appearing at random on so-called Black Watch lists back in 2017. Data hacked includes passwords, contact information, and sensitive location details.
Google’s Project Zero, which has a continuing mandate to update security threats to iPhone users, and the Google TAG Team (also called the ‘Internet SWAT Team’) discovered what they are calling ‘exploits’ in a number of security centers for iPhone customers, which opened vulnerabilities in everything from central kernels at the core of the operating system to even remote web browsers. Most of the vulnerabilities have been patched, but there are still several considered to be ‘zero-day,’ that is, not completely deleted as yet.
Apple has called the hacking problem a ‘memory corruption’ and says they have been dealing with the problem for the past several months. A comprehensive news release on the matter, jointly issued by Google and by Apple, on the entire matter, is expected within the next two weeks.