Google reveals years-long ‘indiscriminate’ iPhone hack

Once installed, the malicious software primarily focused on stealing files and uploading live location data. (File/Shutterstock)
Updated 30 August 2019

Google reveals years-long ‘indiscriminate’ iPhone hack

  • Most of the vulnerabilities targeted were found in the iPhone’s default Safari web browser
  • Once embedded in a user’s iPhone, the malicious software sent back stolen data

WASHINGTON: Google security experts uncovered an “indiscriminate” hacking operation that targeted iPhones over a period of at least two years and used websites to implant malicious software to access photos, user locations and other data.
In a post Thursday on the blog of Google’s Project Zero security taskforce, cyber experts did not name the hacked websites hosting the attacks, but estimated they received thousands of visitors a week.
“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Project Zero’s Ian Beer.
Once installed, the malicious software “primarily focused on stealing files and uploading live location data,” Beer said, adding it had been able to access encrypted messenger apps like Telegram, WhatsApp and iMessage.
Google hangouts and Gmail had also been affected, he added in the post, which provided a detailed breakdown of how the malicious software targeted and exploited iPhone vulnerabilities.
Most of the vulnerabilities targeted were found in the iPhone’s default Safari web browser, Beer said, adding that the Project Zero team had discovered them in almost every operating system from iOS 10 through to the current iOS 12 version.
Once embedded in a user’s iPhone, the malicious software sent back stolen data, including live user location data back to a “command and control server” every 60 seconds.
Beer said Google had informed Apple of the attacks in February, and Apple subsequently released a security patch for the iOS 12.1.
Long the driver of Apple’s money-making machine, iPhone revenue overall was down 12 percent from last year to $26 billion.
The tech giant sent out invitations on Thursday to a September event at its Silicon Valley campus where it is expected to unveil a new-generation iPhone.


Facebook no longer among Glassdoor’s top 10 workplaces

Updated 11 December 2019

Facebook no longer among Glassdoor’s top 10 workplaces

  • The company received an overall rating of 4.4 out of 5, compared with 4.5 last year
  • Facebook is facing the heat over its handling of user data, misinformation campaigns on the platform
Facebook dropped to the 23rd spot in Glassdoor’s list of “Best Places to Work” in 2020 from the seventh it secured last year, amid heightened regulatory scrutiny of the world’s largest social network.
The company received an overall rating of 4.4 out of 5, compared with 4.5 last year, as employees gave relatively lower ratings for Facebook’s senior leadership and work-life balance.
“High profile projects can be extremely political and can really be dragged down by too many cooks in the kitchen. In a post-Cambridge Analytica world there are huge slowdowns in releasing new features or products ...,” according to one of the employee reviews on Glassdoor.
Facebook is facing the heat over its handling of user data, misinformation campaigns on the platform, as well as its plan for a global cryptocurrency called Libra.
Still, employee sentiment toward Facebook remained largely positive on better compensation and career opportunities, according to the Glassdoor report released late on Tuesday.
Software company HubSpot Inc. topped the 100 best workplaces list, while Alphabet Inc’s Google ranked number 11 and Apple Inc. 84.