Incident Of The Week: Apple iPhones Affected By Data Breach Discovered By Google’s Project Zero Security Researchers
Exploit Chains Linking Security Vulnerabilities Allow Hackers To Embed Malware Into iOS Devices
Apple's iPhones enjoy a reputation for being ultra-secure and hard to hack, so most cybercriminals don't bother trying.
However, you shouldn't think of your iPhone as a device that's totally safe from hackers. In February, a team of researchers at Google alerted Apple to vulnerabilities that persisted for two years and allowed hackers to embed malware on iPhones after people visited particular websites.
Even though researchers at Google found these issues months ago and reported them to Apple at that time, the team only recently went public with the discoveries. They revealed five so-called exploit chains that link security vulnerabilities together and allow hackers to get through each layer of the security protections built into an operating system.
The exploit chains took advantage of 14 total security flaws that allowed cybercriminals to gain complete control of the phone after putting malware on it that served as a monitoring implant. They could see all the database files on the device. Infiltrators could even read content from secure messaging apps like WhatsApp and view the material in plain text.
Additionally, the hack allowed cybercriminals to view any information stored in the iPhone's keychain, such as passwords and certificates. Restarting an affected iPhone deleted the malware off the device. But, criminals could still use the keychain information after the malware no longer existed on the device.
Even more unsettling is the fact that the hackers could get live location data from a user's phone. A teardown post about the breach shows how hackers could successfully read users' private messages. It also stated that the malware implant requested commands from a command and control server every 60 seconds.
How Many Phones Got Hacked?
The researchers did not discuss the number of iPhone users potentially affected by these problems. However, they confirmed that it was an indiscriminate watering-hole attack. This means that the hackers infected the sites with malware, and all a person had to do to unknowingly receive the malware was visit one of the relevant websites.
It's also not known which specific sites the hackers targeted. The researchers did confirm that thousands of visitors likely went to those online destinations each week, however, and the malware existed since September 2016. The affected sites were live online since at least 2017.
These vulnerabilities affected most Apple operating systems from iOS 10 to 12. The information from Google also mentions how the cybercriminals made a "sustained effort" to exploit these vulnerabilities.
Who Is Responsible for the Hacks?
The Google researchers did not attempt to assign blame or suggest anything about the parties that orchestrated these attacks. However, after the news broke, TechCrunch reported that its sources believe the compromised websites containing the malware were likely part of a state-based attack — and likely one from China.
More specifically, the information suggests the hackers planned their attacks to focus on the Uyghur community in China's Xinjiang state. They're a minority group of Muslims, and if this were indeed an attempt to target them, it'd be another instance in a long history of China's attacks on the group. In the past year alone, for example, hundreds of thousands of Uyghurs have been detained in internment camps.
Forbes also quotes anonymous sources who backed the belief of the link to the Uyghur Muslims. The people who provided that information also alleged that the attacks extended to Windows and Android systems. However, Google did not comment on that possibility.
How Did Apple Respond?
Google's researchers gave Apple a 7-day window to fix the identified issues. If the company hadn't done so, Google would have publicized its information immediately after the deadline. Apple fixed the problems and released a security patch six days after it learned of what Google found. However, the company has not released a statement since.
Why Should This Matter to You?
Smartphone hacking has started to become a trend that could lead to personal and corporate ruin. A smartphone in the workplace, especially one connected to the company's cloud network, could be hacked and lead the whole business to be compromised. This can be prevented with the right measures in place, like revised credentials, but companies have to understand the danger these hackers can pose from such an unassuming source as an employee's cellphone.
A hacker may attempt to get into as many devices as possible to gather an abundance of data that could lead to more sensitive information. These also come in the forms of targeted attacks by starting out small and working their way up to leaders of a company. Targeted attacks are often thought to be done by outside nation states, not entirely unlike speculation regarding the iPhone data breach. Either way, on a personal and professional level, a smartphone data breach could lead to devastation.
What Should You Do?
Apple addressed this security vulnerability in a patch contained in Update 12.1.4. So, the first thing to do if you think you're affected is to ensure you're running that version or a later one. Also, since these problems breached information stored in the Apple keychain, it's worth checking to see what's stored in there. You should strongly consider whether you want to change the associated passwords.
Other than that, this is a clear reminder that you should never assume hackers wouldn't target your smartphone or that it'd start behaving strangely if they did. Always remember that smartphones offer conveniences, but they carry risks, too.