
By Shannon Morse, Threatwire 

Google’s Project Zero found a severe iOS exploit and reported on this attack just last week. The Threat Analysis Group at the company discovered a collection of websites that were being used in watering hole attacks against visitors, specifically targeting users with the iOS zero day. Later, news emerged that other operating systems may also have been targeted, including Android and Windows machines, but this is yet to be determined. Project Zero explained that there was no target discrimination - anyone who visited the site was attacked, and if the exploit was successful, it would install a monitoring implant on your device. That implant would collect real-time location data, steal photos and messages (including encrypted ones), and install malicious apps. It could also steal messages before they were ever encrypted by accessing the device’s keychain of passwords and the database files used for end-to-end encryption. All of the stolen data was transferred back to the attacker without encryption, so if the user was on a public Wi-Fi network at the time, anyone else on that network could also see that data.

There’s no way to tell if your device was hacked. The malware wasn’t persistent - if you restart your phone, it’ll be removed - but not before it has already stolen all that data. There’s also no news from Google about which sites were infected, so if you revisited a malicious site with a vulnerable device, your device would be infected again.

Project Zero found the exploit had been targeting visitors to the websites for years, and the sites had thousands of visitors per week. The vulnerability was disclosed to Apple earlier this year, with a patch introduced back in February. Google believes the first malicious site went live on September 13, 2016, and that the site appeared to have been hacked itself, with the exploits planted by another party. While that party is undisclosed, multiple sources have speculated that the campaign was targeting the Uyghur Muslim minority community living in China’s Xinjiang state - a community that has been continuously detained in Chinese internment camps in the millions and has faced pervasive surveillance. Given how much an attack like this would cost and its ability to hit such a huge number of devices, it wouldn’t be surprising, but again - the sources are anonymous; take it with a grain of salt.

The exploit attacks highly secured Apple devices from iOS 10 all the way up through iOS 12, and because of the scope of the attack, the team is unsure who is behind it. What they do know is that 14 different vulnerabilities for iOS 10 through 12 were used across five separate exploit chains, so the attackers must have been targeting devices from at least the last two years. The 14 vulnerabilities include 7 in Safari, 5 in the iOS kernel, and 2 sandbox escape bugs; 2 of them were considered zero days at the time.

Since the exploit was fixed back in February, it’s crucial to update your phone ASAP.

https://www.youtube.com/shannonmorse --  subscribe to my new channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 

Links: 

https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

https://www.forbes.com/sites/thomasbrewster/2019/09/01/iphone-hackers-caught-by-google-also-targeted-android-and-microsoft-windows-say-sources/#59e834c64adf

https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years

https://www.cyberscoop.com/iphone-hack-google-project-zero/

https://www.cnet.com/news/google-says-iphone-security-flaws-let-websites-hack-them-for-years/

https://support.apple.com/en-us/HT209520

https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/

https://www.businessinsider.com/china-may-have-used-hacked-websites-to-target-uighur-muslims-2019-9

https://threatpost.com/iphone-zero-days-watering-hole-attacks/147891/

Comments

Anonymous

As always, I really appreciate Shannon's work on these posts and extra episodes. It seems like the dreaded volume issue may have returned on this particular episode though. Not a huge deal, just letting y'all know. It helps me work on my quick reflexes to turn it down at the end of the episode so I don't get my eardrums blown out by the next podcast in my playlist :)