Google asserted in August that iPhones suffered a massive security breach, with hackers placing so-called “monitoring implants” in an untold number of devices.
More from Deadline
- Google, Facebook Will Face Launch Of Antitrust Probes By State Law Enforcement Officials
- Netflix, Amazon & Apple Spent $345M On UK Original Productions In 2018
- Joseph Gordon-Levitt To Headline, Write & Direct 'Mr. Corman' Schoolteacher Comedy-Drama Series For Apple
Apple is set to unveil a new set of iPhones in September.
Spokesman Fred Sainz said in an Apple statement that Google created a “false impression” on the scale of the problem. The security breach was a “narrowly focused” attack on “fewer than a dozen” websites related to the Uighur community of China.
“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation…This was never the case.”
EARLIER: Apple iPhones have apparently suffered a massive security breach, with hackers placing so-called “monitoring implants” in an untold number of devices.
The issue was discovered by Google security researchers, who claim the infiltration has been going on for at least two years. The implant was inserted when users visited unspecified hacked websites, according to a blog post by Ian Beer of Google’s security research team, called Project Zero.
Apple is set to unveil a new set of iPhones in September. It is unclear whether the revelation of this hack will affect those plans. But it does raise questions on the security of an operating system that was largely viewed as safe and reliable compared to other systems.
The malware from the hacks could allow others to read all the database files on a victim’s phone, including messages between users on such encrypted platforms as WhatsApp, iMessage, Telegram and others. Gmail and Google Hangout information could also be read, and contacts and photos accessed. Passwords to other devices could also be compromised if stored on the iPhone,
And in an age where cryptocurrency and banking are done online, the potential for damage to any particular user it extreme.
“The implant has access to almost all of the personal information available on the device, which it is able to upload, unencrypted, to the attacker’s server,” Beer said. “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.
The Project Zero team estimated that the sites “receive thousands of visitors per week.” Beer did not identify the hacked websites in the post, nor did he say how users can determine if their devices have been infected.
“The hacked sites were being used in indiscriminate watering hole attacks against their visitors,” he added. The Google team identified 14 iPhone vulnerabilities related to five exploits. Seven of the vulnerabilities were related to the iPhone’s web browser. Google claims that it notified Apple of the vulnerabilities on Feb 1, 2019, and the iPhone maker patched them on Feb. 7, 2019.
Beer described the research undertaken by Project Zero as “a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign.” He warned that still other hacks may be undiscovered
Apple is expected to unveil its latest iPhones at an event at its headquarters in Cupertino, Calif. on Sept. 10. Three new iPhones are expected to be debuted.