Monday, October 7, 2019

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking


As most of you know, I take security very seriously and I try hard to get the rest of you to do so as well.  Sometimes my efforts are to protect patient data and keep practitioners out of trouble with enforcement entities.  However other times my efforts are to keep YOUR personal data out of the hands of nefarious types who will use it against you for God knows what.

*This is one of those posts.*  I have been exploring the subject of this post for a few weeks now through multiple sources and I have determined that anyone with an iPhone needs to be aware of this.  Wired magazine is not the only entity to be getting the word out, but I think the following article does a tremendous job.

Here is what Wired has posted.  If you are an iPhone user *this is required reading*!!!

Hacking the iPhone has long been considered a rarified endeavor, undertaken by sophisticated nation-states against only their most high-value targets. But a discovery by a group of Google researchers has turned that notion on its head: For two years, someone has been exploiting a rich collection of iPhone vulnerabilities with anything but restraint or careful targeting. And they've indiscriminately hacked thousands of iPhones just by getting them to visit a website.
On Thursday evening, Google's Project Zero security research team revealed a broad campaign of iPhone hacking. A handful of websites in the wild had assembled five so-called exploit chains—tools that link together security vulnerabilities, allowing a hacker to penetrate each layer of iOS digital protections. The rare and intricate chains of code took advantage of a total of 14 security flaws, targeting everything from the browser's "sandbox" isolation mechanism to the core of the operating system known as the kernel, ultimately gaining complete control over the phone.
They were also used anything but sparingly. Google's researchers say the malicious sites were programmed to assess devices that loaded them, and to compromise them with powerful monitoring malware if possible. Almost every version of iOS 10 through iOS 12 was potentially vulnerable. The sites were active since at least 2017, and had thousands of visitors per week.
"This is terrifying," says Thomas Reed, a Mac and mobile malware research specialist at the security firm Malwarebytes. "We’re used to iPhone infections being targeted attacks carried out by nation-state adversaries. The idea that someone was infecting all iPhones that visited certain sites is chilling."

This is just the first few paragraphs.  To access the rest of the article you NEED to follow this link.

No comments:

Post a Comment