What Happened?

Even though researchers at Google found these issues months ago and reported them to Apple at that time, the team only recently went public with the discoveries. They revealed five so-called exploit chains that link security vulnerabilities together and allow hackers to get through each layer of the security protections built into an operating system. The exploit chains took advantage of 14 total security flaws that allowed cybercriminals to gain complete control of the phone after putting malware on it that served as a monitoring implant.

They could see all the database files on the device. Infiltrators could even read content from secure messaging apps like WhatsApp and view the material in plain text. Additionally, the hack allowed cybercriminals to view any information stored in the iPhone's keychain, such as passwords and certificates. Even more unsettling is the fact that the hackers could get live location data from a user's phone.

A teardown post about the breach shows how hackers could successfully read users' private messages. It also stated that the malware implant requested commands from a command and control server every 60 seconds. Restarting an affected iPhone deleted the malware off the device. But, criminals could still use the keychain information after the malware no longer existed on the device.

How Many Phones Were Hacked?

The researchers did not discuss the number of iPhone users potentially affected by these problems. However, they confirmed that it was an indiscriminate watering-hole attack. This means that the hackers infected the sites with malware, and all a person had to do to unknowingly receive the malware was visit one of the relevant websites. It is also not known which specific sites the hackers targeted. The researchers did confirm that thousands of visitors likely went to those online destinations each week, however, and the malware existed since September 2016. The affected sites were live online since at least 2017. These vulnerabilities affected most Apple operating systems from iOS 10 to 12. The information from Google also mentions how the cybercriminals made a "sustained effort" to exploit these vulnerabilities.

The Google researchers did not attempt to assign blame or suggest anything about the parties that orchestrated these attacks. However, after the news broke, TechCrunch reported that its sources believe the compromised websites containing the malware were likely part of a state-based attack - and likely one from China. More specifically, the information suggests the hackers planned their attacks to focus on the Uyghur community in China's Xinjiang state.