Monday 16 September 2019

iPhone users issued advice as serious hacking attack uncovered

'Back door': New iPhones in an Apple Store. Hackers have been using compromised websites to install "monitoring implants" in iPhones for years, according to researchers at Google. Photo: Kirsty O'Connor/PA Wire
Adrian Weckler

Apple iPhone users are being advised to make sure their handsets are updated after a serious hacking incident was found.

The problem may have affected thousands of Irish and European iPhones over the past three years.

The flaw, which involved iPhone users' personal details being made available to hackers through infected websites, was discovered by a Google security team, which notified Apple in February.

Apple patched the vulnerability soon afterwards. But security researchers say the infected websites, which were not disclosed, were visited thousands of times each week by iPhone users.

Irish Data Protection authorities say there has been no contact with Apple over the hacking incident, which has initially been assessed as a security issue rather than a data breach.

A spokesman for Helen Dixon's office said that the Irish data regulator was examining the issue before proceeding further.

The hack involved malware which was uploaded to a small number of sites and was designed to specifically infect iPhones.

Just visiting the websites from an iPhone's web browser was enough to infect the handset.

Once a handset was infected, sensitive information such as personal conversations, passwords and location data was at risk, according to the Google security researchers. Users' apps, including Instagram, WhatsApp and Gmail, were also potentially accessible.

"There was no target discrimination," said Ian Beer of Google's Project Zero group, which unearthed the problem.

"Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week."

Mr Beer said most of the security flaws were found within Safari, the default web browser on Apple devices.

Operating systems from iOS 10 to iOS 12, installed on most iPhones over the past three years, were targeted in the hack.

Users should check their device is running the most up-to-date version of iOS in order to ensure they are protected from the flaw.

They can check their software version by going to the Settings app on their device, selecting General and then tapping on the Software Update option.

Any required updates will then be displayed there, and users can select them to install.

The most recent update currently available is iOS 12.4.1.

Mr Beer warned that while the implant is not saved on Apple devices, it can again provide access to hackers when the owner visits a "compromised site".

"Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device," he said.

Apple's iOS is considered one of the most secure systems available because both it and the devices it runs on are built and managed by Apple, with little chance for gaps to appear between hardware and software that could be exploited by hackers.

The general security of the technology giant's devices has also previously placed it at odds with intelligence services in the US and UK.

Authorities in both countries have put pressure on Apple to provide a "back door" into iPhones to help them fight crime and terrorism.

Apple has refused to do so, citing security and privacy concerns for its customers.

The security issue comes 10 days before Apple unveils its newest range of iPhones.

On September 10, the company is expected to announce three new iPhones, as well as new iPads and a new MacBook Pro laptop.

Irish Independent