Google exposes massive iPhone hacking operation

Google’s Project Zero security team has revealed a vulnerability in iOS that exposed large numbers of users to a hack that allowed the installation of a monitoring implant.

Scott Bicheno

August 30, 2019

2 Min Read
data spy security hack

Google’s Project Zero security team has revealed a vulnerability in iOS that exposed large numbers of users to a hack that allowed the installation of a monitoring implant.

This kind of hack is called ‘zero-day’, the definitions of which vary, but which refers to a vulnerability in a piece of software that leaves it open to exploitation by outside actors. The stated aim of Project Zero is to make zero-day hard and it goes about doing so by trying to find such vulnerabilities. Apparently it always publishes these findings after giving the owner of the software time to address the vulnerability and Apple was told about this one back at the start of February this year.

“Now, after several months of careful analysis of almost every byte of every one of the exploit chains, I’m ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse,” wrote Ian Beer of Project Zero in the blog post detailing the findings. “Let’s also keep in mind that this was a failure case for the attacker: for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.”

This is at best very embarrassing for Apple, which prides itself on the relative lack of malware on its close software platforms. The malware was able to install itself on iOS devices if they merely visited an infected website, with no manual download required. Upon successful installation the malware apparently granted the bad guys access to everything on the phone, including passwords, chat histories, etc.

Google is, of course, Apple’s sole rival in the mobile operating system space, so it does seem pretty convenient that it should be discovering iOS vulnerabilities and publicising them. Project Zero’s policy, it seems, is to publish all such findings after an appropriate delay to allow for patching, which it should be stressed Apple did immediately, but you have to wonder whether it’s quite as keen to bring Android’s failings into the public domain.

About the Author

Scott Bicheno

As the Editorial Director of Telecoms.com, Scott oversees all editorial activity on the site and also manages the Telecoms.com Intelligence arm, which focuses on analysis and bespoke content.
Scott has been covering the mobile phone and broader technology industries for over ten years. Prior to Telecoms.com Scott was the primary smartphone specialist at industry analyst Strategy Analytics’. Before that Scott was a technology journalist, covering the PC and telecoms sectors from a business perspective.
Follow him @scottbicheno

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like