A number of serious leaks in the iPhone have made recent models of Apple's smartphone vulnerable for years to rogue software (malware) that could spy on iPhone users, Google researchers announced on their blog on Friday.
These are leaks that occurred in iPhone models from the iPhones 5s to the iPhone X that were equipped with the operating system iOS 10 up to and including iOS 12.
If an iPhone was successfully attacked, the attackers would have access to all the databases of apps on the affected device. That way they could read WhatsApp, Telegram and iMessage calls, for example.
The strong encryption of messages, such as WhatsApp applies, is useless in this case. The encryption protects the content of messages when intercepted, but is useless if the start or end point, an affected iPhone, is infected.
It was also possible to view e-mail apps such as Gmail and Outlook, consult the contact list, make copies of photos and follow the GPS coordinates in real time.
In addition, the malware was able to access stored passwords, such as those of stored wifi points and the service Single sign-on (SSO) from Google, which allows Google users to log in to multiple Google services in one go. The leak also allowed the attackers access to these accounts.
Vulnerabilities removed with iPhone update
The Google researchers found a number of hacked websites earlier this year, which attracted several thousand visitors a day. A visitor with an iPhone who simply visited the website was attacked by the rogue software, resulting in possible contamination with rogue software.
The malware was deleted from the infected iPhone when the user restarted the device. "Nevertheless, the attackers can continue to have access to accounts and services through access to passwords," the researchers write. Moreover, a single infection through access to the data from all different apps can provide a wealth of information.
The vulnerabilities listed were reported to Apple earlier this year. Users who update their software to iOS 12.1.4 are no longer susceptible to the leaks discovered by the Google researchers. Experts recommend that software is always updated as quickly as possible to eliminate this type of vulnerability.
Here's how to update your iPhone to the latest version:
- Go to the Settings app and choose 'General'
- With 'Software update', the iPhone looks for whether an update is available. Download and install it by pressing the button