Apple iPhones Could Have Been Hacked For Years – Here's What To Do About It


For many years, the Apple iPhone has been considered one of the most secure smartphones available. But despite this reputation, security issues that might affect millions of users came to light last week, when researchers at Google revealed they had discovered websites that can infect iPhones, iPads, and iPods with dangerous software.

Simply visiting one of these websites is enough to infect your device with malicious software, allowing a high level of access to the device. Worryingly, it seems these vulnerabilities have been “in the wild” (that is, actively used by cyber-criminals) for around two years.

As there is no visible sign of infection on the device, it is likely users are completely unaware of the risks they’re facing.

The vulnerabilities being exploited are present on devices running recent (but not the most recent) versions of Apple’s iOS operating system — specifically, iOS 10 through to early versions of iOS 12. Every device running the vulnerable versions of iOS is a potential target for these websites.

Devices are infected via several methods, using 14 different security flaws — an unusual number of ways to compromise a device. Worse, seven of the flaws involve Safari, the default web browser for many of these devices (and web browsing is a common activity for many users).

It’s not all bad news though. After Google reported the issues to Apple earlier this year, the vulnerabilities were promptly patched with the latest release of iOS (12.4.1).

Any user updating their device to the latest version of iOS should be protected against this attack. The easiest way to do it is to go to Settings > General > Software Update on your phone and then follow the prompts.




What happens when you visit an infected site?

As soon as you open the web page, malicious software is installed on the device. This software has the potential to access location data and information stored by various apps (such as iMessage, WhatsApp, and Google Hangouts).

This information can be transmitted to a remote location and potentially misused by an attacker. The information extracted can include messages that are otherwise protected when sent and received by the user, removing the protection offered through encryption. Hackers can also potentially access private files stored on the device, including photos, emails, contact lists, and sensitive information such as WiFi passwords.

All of this data has value and can be sold on the Internet to other cyber-criminals.

According to antivirus firm Malwarebytes, the malicious software is removed when the infected device is restarted. While this limits the amount of time that the device is compromised, the user risks being reinfected the next time they visit the same website (if still using a vulnerable version of iOS).

The list of websites involved has not yet been made publicly available, so users have no means to protect themselves other than by updating their device’s operating system. But we do know the number of visitors to these sites is estimated in the thousands per week.

Are Apple devices no longer secure?

High-profile attacks on these devices might dispel the myth that Apple devices are not susceptible to serious security breaches. However, Apple does have a bug-bounty program that offers a US$1 million reward to users who report problems that help to identify security flaws.

But considering the impact of this incident, it’s obvious someone out there is making considerable efforts to target Apple devices. While the tech giant regularly updates its software, there have been recent incidents in which previously fixed security flaws were reintroduced. This highlights the complexity of these devices and the challenge of maintaining a secure platform.

The most important lesson for Apple’s millions of users is to ensure you keep up to date with the latest patches and fixes. Simply installing the latest iOS update is sufficient to remove the threats caused by this vulnerability.

If you’re concerned your details may have been stolen, changing passwords and checking your credit card and bank account statements are also important steps to take.

About the Authors

Leslie Sikos, Lecturer, Edith Cowan University and Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.
