Google says hackers have put ‘monitoring implants’ in iPhones for years
Get link
Facebook
X
Pinterest
Email
Other Apps
Google says hackers have put ‘monitoring implants’
in iPhones for years
Visiting hacked sites was enough for
server to gather users’ images and contacts
Alex HernFri
30 Aug 2019 03.03 EDTLast modified on Fri 30 Aug 2019 09.25 EDT
·An unprecedented iPhone hacking operation, which attacked
“thousands of users a week” until it was disrupted in January, has been
revealed by researchers at Google’s external security team.
The operation, which lasted two and a half years, used a small
collection of hacked websites to deliver malware on to the iPhones of visitors.
Users were compromised simply by visiting the sites: no interaction was
necessary, and some of the methods used by the hackers affected even fully
up-to-date phones.
Once hacked, the user’s deepest secrets were exposed to the
attackers. Their location was uploaded every minute; their device’s keychain,
containing all their passwords, was uploaded, as were their chat histories on
popular apps including WhatsApp, Telegram and iMessage, their address book, and
their Gmail database.
The one silver lining is that the
implant was not persistent: when the phone was restarted, it was cleared from
memory unless the user revisited a compromised site. However, according to Ian
Beer, a security researcher at Google: “Given the breadth of information
stolen, the attackers may nevertheless be able to maintain persistent access to
various accounts and services by using the stolen authentication tokens from
the keychain, even after they lose access to the device.”
Beer is a member of Project Zero, a
team of white-hat hackers inside Google who work to find security vulnerabilities in
popular tech, no matter who it is produced by. The team has become
controversial for its hardline approach to disclosure: 90 days after it reports
a bug to the victim, it will publish the details publicly, whether or not the
bug has been fixed in that time.
In total, 14 bugs were exploited for
the iOS attack across five different “exploit chains” – strings of flaws linked
together in such a way that a hacker can hop from bug to bug, increasing the
severity of their attack each time.
“This was a failure case for the
attacker,” Beer noted, since even though the campaign was dangerous, it was
also discovered and disrupted. “For this one campaign that we’ve seen, there
are almost certainly others that are yet to be seen.
“All that users can do is
be conscious of the fact that mass exploitation still exists and behave
accordingly; treating their mobile devices as both integral to their modern
lives, yet also as devices which when compromised, can upload their every
action into a database to potentially be used against them.”
Google said it had reported the
security issues to Apple on 1 February. Apple then released an operating system update which
fixed the flaws on 7 February.
New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Will AI replace doctors who read X-rays, or just make them better than ever? As AI moves into medicine, perhaps no one has more to gain or lose than radiologists, the doctors who review medical scans for signs of cancer and other diseases By MATTHEW PERRONE AP Health Writer May 14, 2024, 9:16 AM ET WASHINGTON -- How good would an algorithm have to be to take over your job? It’s a new question for many workers amid the rise of ChatGPT and other AI programs that can hold conversations, write stories and even generate songs and images within seconds. For doctors who review scans to spot cancer and other diseases, however, AI has loomed for about a decade as more algorithms promise to improve accuracy, speed up work and, in some cases, take over entire parts of the job. Predictions have ranged from doomsday scenarios in which AI fully replaces radiologists, to sunny futures in which it frees them to focus on the most rewarding aspects of their work. That tension reflects how AI is rollin...
The City That’s Trying to Replace Politicians With Computers (It’s Working) After sneaking his AI-written water bill into law, Ramiro Rosário says government press-release writers could go, too By Samantha Pearson and Luciana Magalhaes Dec. 22, 2023 8:58 am ET PORTO ALEGRE, Brazil — In a country with a history of corruption and government inefficiency, Councilman Ramiro Rosário has come up with what he believes is a winning strategy to improve the work of politicians: replace them with computers. The 37-year-old legislator in Brazil’s southern city of Porto Alegre passed the country’s first law in November that was written entirely by ChatGPT, the artificial-intelligence chatbot developed by the San Francisco startup OpenAI. The law itself was purposefully boring—a proposal to stop the local water company from charging residents for new water meters when they were stolen from their front yards. It would easily pass, calculated Rosário. One recent day, donning jeans and sneakers...
Comments
Post a Comment