Google says hackers have put ‘monitoring implants’ in iPhones for years
An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.
The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.
Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”
Beer is a member of Project Zero, a team of white-hat hackers inside Google who work to find security vulnerabilities in popular tech, no matter who it is produced by. The team has become controversial for its hardline approach to disclosure: 90 days after it reports a bug to the victim, it will publish the details publicly, whether or not the bug has been fixed in that time.
In total, 14 bugs were exploited for the iOS attack across five different “exploit chains” – strings of flaws linked together in such a way that a hacker can hop from bug to bug, increasing the severity of their attack each time.
“This was a failure case for the attacker,” Beer noted, since even though the campaign was dangerous, it was also discovered and disrupted. “For this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.
Twitter co-founder Jack Dorsey’s account hacked
One of the first tweets sent from his “compromised” account was the N-word. Another, sent minutes later, praised Hitler.
The official Twitter account of Jack Dorsey, the co-founder of the social media platform, was hacked on Friday.
One of the first tweets sent from his “compromised” account was the N-word. Another, sent minutes later, praised Hitler.
More than a dozen racist or otherwise offensive original tweets were sent within 20 minutes from the account.
Among the tweets was a link to a message board on the chat service Discord. The users in the chat had spelled out “DONALD TRUMP” in emojis on one of the boards. Some of the users in the chat claimed they were attempting to rifle through Dorsey’s private direct messages while they still had access to the account, but found the task too hard to manage.
Dorsey’s messaging inbox is set to “open,” which allows any user on Twitter to message him. On the announcements page, where only moderators of the Discord can post, the last message asked users who they should hack next.