- Phones: Apple scandal: this is the biggest hack in the history of the iPhone ... and Google has discovered
- Apple.iOS 13: this is the news announced at WWDC 2019
- Technology: Apple's iPhone 11 will be announced on September 10: this is what we know about the new mobile
The discovery of several security flaws in iOS by the Google threat analysis group is more important than it seems at first glance. No operating system, no network or device is 100% secure but until now iOS had a privileged position in the world of technology.
Android, due to its more permissive nature and the friction that exists when updating phones to new versions , has been the target of many more attacks. The failures and vulnerabilities of iOS were so few and demanded that their discovery guaranteed the payment of small fortunes in the right circles.
As a consequence, the cost of the tools to be able to violate the security of the devices was also high and generally limited to intelligence services and reserved for very specific objectives with high political or strategic value .
As Andy Greenberg and Lily Hay Newman explain in Wired, this attack changes the equation. First for the time it seems to have been active, about two years. Second, by the scope of it. It was designed to affect a large number of devices and to obtain a large amount of information from all of them .
"I hope this will move the focus debate on the 'million dollar dissident'," explains Google researcher Ian Beer in reference to the type of traditional iOS security vulnerability victim. Until now the cost of hacking tools limited these targets to enemies of great powers with advanced intelligence services such as China, Israel, Russia or the USA. and with information of high strategic value in its terminals .
The 14 vulnerabilities (all corrected since last February in iOS version 12.1.4, a week after they were privately notified to Apple) had been packaged into five attack routines that could enter the phone by visiting simply a web page and that allowed to attack different versions of the iOS system , starting with iOS 10.
Once inside, these routines exploited the different failures until they were done with the highest level of access possible in the system and deployed several monitoring tools . The attacker could know location data, photos or even passwords stored in the victim's phone. These tools remained active until the terminal was restarted but after the restart it was necessary to visit the web again to infect the phone. Nothing was permanently installed in the system.
Google has not revealed the websites where it detected these routines but has confirmed that they received thousands of views per week. The traffic analysis in the detected instances suggests that they focused on the surveillance of messaging and mail applications such as Viber, Gmail, WhatsApp, Voxer, Facebook or Skype.
The collected data was sent unencrypted to the attacker, a rare slip. The attackers also left visible the IP addresses to which this data should be sent, allowing to identify and monitor the evolution of the attacks . Although the culprit is not clearly identified in the document made public by Google, several security experts and Beer himself say that it would be the appropriate technique to spy on members of a specific community or ethnic group, because it allowed to infect many devices by directing them so Only to a website with relevant content for that group.
According to the criteria of The Trust Project
Know more- iOS
- iPhone
- Russia
- Israel
- China
- Android
- technology
TechnologyUSA does not want Google and Facebook to deploy an underwater cable to Hong Kong
Technology Huawei introduces Harmony OS, its alternative to Android
RedesAuge and Tumblr fall, the social network that invented the retuit