Google Researchers Discover Malicious Websites Hacking iPhones for Years (Aug 29, 2019)
Researchers at Google’s Threat Analysis Group (TAG) and Project Zero have discovered a series of hacked websites that had been delivering attacks to iPhones for at least two years. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero. TAG was able to collect five distinct iPhone exploit chains based on 14 vulnerabilities. These exploit chains covered versions from iOS 10 up to the latest iteration of iOS 12. The attack chains allowed a threat actor to gain root access to the device, access the victim’s keychain, steal files, and upload live location data. The implant does not have persistence on a device, but authentication tokens potentially stolen from user keychains could allow the actor to gain access to various accounts.
Recommendation: Always keep your mobile phone fully patched with the latest security updates. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, the use of mobile antivirus software protects your phone by identifying malware and automatically blocking it from downloading.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.