When researchers at IT giant Google last night Swedish published a series of blog posts, many reviewers soon realized the seriousness: what is described may be one of the largest known cyberattacks ever against Iphone users, according to the motherboard news site.

The experts at Google, who are also a competitor to Apple, have discovered a number of hacked sites that all delivered attacks against Iphone phones indiscriminately, with thousands of visitors each week for several years. Updated phones should also have been hit.

"There was no selection in target, it was enough to visit the site for the server to attack one's device and, if successful, install a monitoring implant," writes Ian Beer at Google's Project Zero.

Other notches are often targeted, and are based on clicking on a link in, for example, a message.

Stole chat data and contacts

The attack went on so that the phone first "broke up", whereby malicious code could be inserted into the phone - even a completely updated one.

In this case, what the installed code "is mainly aimed at stealing files and uploading site data in real time", and should have taken orders from an external server once a minute, according to Beer.

The hack should also have access to the phone's "key bundle" with passwords and important data, including encrypted chats and contacts.

A certain consolation may be that the attack should not have been particularly resilient but canceled if you restarted the phone.

Secret security holes

Something that makes the thing even more striking is that some of the attacks exploited so-called zero day vulnerabilities. They are called "zero day" because the vulnerability is undetected and unknown to the producer, who has thus had zero days to patch the security hole again.

Zero day vulnerabilities are a recommended and valuable commodity hacker in between, not least in Iphones that are considered relatively safe devices. Mobile phones are interesting targets for hackers as they often contain so much information about owners.

The price tag for a full vulnerability chain in a fully updated Iphone could amount to at least $ 3 million, which is about SEK 30 million.