iPhone Security Epic Failure Again

Apple users always swear that their gear is more secure than other operating systems; once again, this is proven to be a lie. The difference between Apple and Microsoft (or Google) is that the other guys are actively looking for security flaws and Apple does not. As we have repeatedly documented on this blog, Apple will only reluctantly admit to a security issue once the issue has been made public, and then only half-heartedly will they acknowledge it. Apple will refuse to fix known issues for years until outed by third parties.

Today another story is out and this one is as bad as it gets. Just by visiting a compromised website, hackers could get the following:

  • You location in real time, updated every minute
  • All your passwords
  • Chat histories on WhatsApp, Telegram, iMessage
  • Address book
  • Gmail database

In total, 14 bugs were exploited for the iOS attack across five different “exploit chains” – strings of flaws linked together in such a way that a hacker can hop from bug to bug, increasing the severity of their attack each time.

Please note that it was Google that informed Apple of the security flaws which had been exploited in the wild for a mere two and a half years.

An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.

The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.

Google says hackers have put ‘monitoring implants’ in iPhones for years

Oh, as usual, it is a British news outlet breaking the story not the American media. As a rule, the UK has better coverage of national news in the United States than our own media. I guess they’re all too busy trying to make stuff up about Trump and Russia instead of doing their jobs. Back in the day, Woodward and Bernstein worked hard to break their story; they would not be contented just to be part of the echo chamber that passes for the mainstream media today.

Oh, there is other hacking news out there today as well.

Teenager hacked government file sharing website known as Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange (AMRDEC SAFE) Click here for story

Lastly, there is a fair chance your dentist had their data compromised by a ransomware attack. Click here for story.