iPhone bug also accessed WhatsApp chats, Gmail, Contacts and more: Google
Project Zero researchers have revealed that iPhone bug also accessed WhatsApp chats, Gmail, Telegram, Contacts and more.
The implant can take copies of the user’s complete contacts database, copies of all their photos, upload the user’s location in real time, and more.
Google has warned users against visiting any unauthorised websites
Google researchers at Project Zero have identified a vulnerability that accessed all the database files that were used by end-to-end encryption apps like WhatsApp, iMessage, Gmail, and more, on the victim’s iPhone. It can take copies of the user’s complete contact database, copies of all their photos, upload the user’s location in real time, and more. The implant is primarily focused on uploading live location data and stealing files.
The flaw allowed a few websites to hack iOS devices. The hackers not only had access to texts on messaging apps, but also media files and locations. According to the report, when the hackers get access to the WhatsApp chats, they start sending these hacked messages as plain texts over a server. “The implant runs completely in userspace, albeit unsandboxed and as root with entitlements chosen by the attacker to ensure they can still access all the private data they are interested in,” says the report.
The researchers were able to collect five separate, complete and unique iPhone exploit chains, that covered almost every version from iOS 10 through to the latest version of iOS 12.
"Earlier this year, Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day," said Beer in the report.
The implant has access to almost all of the personal information available on a user’s device, which the implant is able to upload, unencrypted, to the attacker's server. The report further says, “ if the phone is rebooted then the implant will not run until the device is re-exploited when the user visits a compromised site again.”
Google has warned users against visiting any unauthorised website, and to be really careful about clicking on any suspicious mail that might lead them to a malicious website and make you vulnerable to hackers. Additionally, Apple has advised iOS users to update their devices with the latest OS.
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile