- Dec 30, 2012
- 4,809
In what may be one of the largest attacks against iPhone users ever, researchers at Google say they uncovered a series of hacked websites that were delivering attacks designed to hack iPhones. The websites delivered their malware indiscriminately, were visited thousands of times a week, and were operational for years, Google said.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week," Ian Beer, from Google's Project Zero, wrote in a blog post published Thursday.
Some of the attacks made use of so-called zero day exploits. This is an exploit that takes advantage of a vulnerability that the impacted company, in this case Apple, is not aware of, hence they have had "zero days" to find a fix. Generally speaking, zero day attacks can be much more effective at successfully hacking phones or computers because the company does not know about the vulnerability and thus has not fixed it.
iPhone exploits are relatively expensive and the iPhone is difficult to hack. The price for a full exploit chain of a fully up to date iPhone has stretched up to at least $3 million. This includes various vulnerabilities for different parts of the iPhone operating system, including the browser, the kernel, and others to escape an application's sandbox, which is designed to keep code running only inside the part of the phone it is supposed to.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week," Ian Beer, from Google's Project Zero, wrote in a blog post published Thursday.
Some of the attacks made use of so-called zero day exploits. This is an exploit that takes advantage of a vulnerability that the impacted company, in this case Apple, is not aware of, hence they have had "zero days" to find a fix. Generally speaking, zero day attacks can be much more effective at successfully hacking phones or computers because the company does not know about the vulnerability and thus has not fixed it.
iPhone exploits are relatively expensive and the iPhone is difficult to hack. The price for a full exploit chain of a fully up to date iPhone has stretched up to at least $3 million. This includes various vulnerabilities for different parts of the iPhone operating system, including the browser, the kernel, and others to escape an application's sandbox, which is designed to keep code running only inside the part of the phone it is supposed to.