What would happen if, for 2 years, you had been visiting web pages in your iPhone's browser that compromised the device simply by being visited? There is a good chance this has happened to you: Google today dropped a bombshell in the form of a study showing that several hacked sites have been illegally accessing Apple mobile phones for at least a couple of years.
Websites that hacked iPhones when visited
It is not a rumor, nor something read in a forum: members of Google's Project Zero security research team have documented it in a published report, in which they say they discovered several hacked websites hosting attacks designed to hack iPhones. As soon as someone visited them with an Apple phone, they launched a malware attack. What is most alarming is that the Google report notes that these websites "were visited thousands of times a week and were operational for years", so the number of affected users is huge.
Ian Beer, from Project Zero, explains that "there was no objective discrimination; simply visiting the hacked website was enough for the compromised server to hack your device and, if the attack was successful, install a monitoring implant". If the attack was successful, the website deployed malware on the smartphone to steal files and data and upload them to private servers, including GPS data on the device's location and, worst of all, the iPhone keychain, which contains the passwords and databases of several encrypted apps such as WhatsApp, iMessage or Telegram.
Several of the attacks succeeded by using 'zero day' exploits, which rely on a vulnerability that the vendor (in this case Apple) does not know about and therefore has not fixed. The curious thing is that the attacks were designed against iOS, an operating system that is hard to hack. In fact, Apple and other companies usually pay those who find exploitable vulnerabilities in their operating systems and devices so that they can correct them. Beer notes that Project Zero's analysis found 5 exploits based on 14 vulnerabilities, covering iOS 10 through iOS 12.
The good news is that the implant these websites placed on the iPhone did not persist: simply restarting the phone removed it from the system, although it was installed again the next time the website was visited. Google's group alerted Apple to its discoveries last February, and the Cupertino company immediately patched the exploits with iOS 12.1.4, officially announced on its website, so for almost 7 months there has been no danger to users.
Here is the link to the document published by Google Project Zero, although, to anticipate what more than one reader will ask, the report does not name the websites that were hacked and that carried out the attacks on their visitors.