Google’s Project Zero revealed that it has discovered how these attacks happened and who was the target. They also claimed that these websites probably affected thousands of iPhones and breached their security.
In this article, I will explain about these hacks and their agenda. So, let’s begin.
How did the websites hacked iPhones?
In August 2019, Google Project Zero revealed the security issues in the iPhone devices. A zero-day knowledge made these hacks possible.
The hacks used 14 vulnerabilities, and the hackers combined them into five chain attacks. An attack chain is the one that uses a combination of different vulnerabilities. So, these vulnerabilities were combined to ensure the hacking of the device.
These chain attacks allowed hackers to install an implant on the phone, which had root access. Now, it could bypass all the security protocols of the iPhone and have access to all the privileges and private data.
The malicious websites were able to hack the iPhone’s, which visited them. These websites installed monitoring software whenever an iPhone user visited them. And because this monitoring software had root access, it could reach and spy on all the information and data of the device.
What did these hacks do?
These hacks installed an implant on the iPhones. This spying software had access to the private information of the user without their knowledge and consent. So, they were in a real sense stealing information and data of the iPhone users.
By doing these hacks, the hackers were able to have access to the photos, messenger, credentials, passwords, and all the private and confidential information of the iPhone’s owner.
There were even able to view and read the encrypted messages of different apps such as Whatsapp and iMessage. Just because it had the root access, the implant made it possible to access the encrypted messages, which would otherwise not be possible.
The operating system of the iPhone always makes sure that your encrypted messages are safe. But, because this software had access to your phone’s database files, it could read all the sent and received messages.
The most worrisome part was that they were able to track the real-time locations of the iPhone user. So not only were the hackers able to access the phone, but they were also able to know the exact current location of the users, watching their every move.
Who was targeted by the hacks on iOS devices?
This particular community turned out to be the Uighur community. Apple’s statement read:
“The attack affected fewer than a dozen websites that focus on content related to the Uighur community”.
By making this statement, Apple made it clear that the Chinese government may have used this software to spy on the Uighur people. The intention was to maintain control of these people’s lives and to monitor their activities.
Apple also accused Google by saying that they have been “stoking fear among all iPhone users that their devices had been compromised”. So, this implies that all the iPhone users do not need to be worried about their private data was breached. And the hackers only targeted a small minority of all the iPhone users.
This statement might have helped to eradicate the chaos in the iPhone community. But, it doesn’t change the fact that the devices were indeed vulnerable and were at risk when these attacks happened.
Who is the Uighur community?
The Uighur people belong to an ethnic minority group. They are native to China. But, the Chinese government is trying to cleanse them and take control of the people due to their religious practices.
To get rid of Islamic views and practices, the government is taking extreme measures to brainwash them into abandoning their religion.
What was the purpose of these hacks?
The main purpose of these hacks was to gain access to the private data of the iPhone users of the Uighurs community. While there was a sense of shock and fear among all the people using the iPhone, this attack was only interested in acquiring access to some of the iPhone’s.
These attacks proved that the iOS devices lacked the required security, which is the right of every user. So, the iPhone owners were not safe to the hacks made to their devices, and all were in potential danger.
Another thing to be concerned about is how these hacks targeted the Uighurs community. There’s no doubt that the acquired information will be exploited and used against them. Furthermore, we cannot even begin to imagine the potential risks of these attacks if they targeted all the iPhone users. The fact that not all users were at threat was not because of the limitation of the attack.
It was only because the hackers were interested in a small community of people. We do not deny the fact that the attacks on this group of people are something to be concerned about. But, these hackers could have done much more harm if they had the intention to do so.
What should you do in case of a Hacked iPhone?
In case you feel that you are affected by these attacks, there is no need to worry. These attacks affected iOS 10 through iOS 12. All you need is to update your iPhone to iOS 12 or higher, and you will be safe from these attacks.
Updating your iPhone with the new iOS will reboot your device during installation. Doing this will result in getting rid of all the malicious software and will remove the spy malware from your device.
From this method, we can infer how important it is to keep your devices updated. In the updated versions, along with adding new features, companies also make sure to fix any bugs or security issues. So, as soon as a new version is available, you should update your device for your safety and security.
Keep in mind that no antivirus can help you eradicate this implant. So, there is no way you can detect these sorts of threats and be aware of them. Still, the best thing you can do is to ensure the safety of your device is to update it regularly.
These attacks used websites to install malware into the devices of iPhone users. Even though the target of the attacks was a small community of people, all the iPhones were under threat. No doubt, by releasing a new version of iOS and fixing the security issue, Apple dealt with the situation. But, this event raised many questions on the security and the privacy that these devices offer to their users.