This article originally appeared in Information Security Buzz on August 30, 2019.
Security researchers at Google have found evidence of a “sustained effort” to hack iPhones over a period of at least two years. The attack was said to be carried out using websites which would discreetly implant malicious software to gather contacts, images and other data. Google’s analysis suggested the booby-trapped websites were visited thousands of times per week, the BBC reported.
EXPERTS COMMENTS
John Aisien, CEO, Blue Cedar
September 02, 2019
Companies should be responsible for immunizing their applications to prevent potential devastation.
Mobile device security has historically been a slow-moving and often frustrating undertaking, but the result has created spikes in mobile device weaponization like the news we saw today. This raises profound concern about the security of the devices we carry around on an everyday basis, and which we increasingly use to access and process both personal and corporate data. By hacking into popular mobile apps like WhatsApp and iMessage, cybercriminals can gain access to sensitive information like encrypted messages, personal health information, location data, and in extreme cases, things like industrial plans or sovereign policies like we saw with the recent Huawei news in Africa. This type of attack will come as a shock to some, as it goes against the security promised by these types of applications. But the security software likely isn’t the culprit here – it’s possible this breach is the result of a lapse in the security update integration time. Companies should be responsible for immunizing their applications to prevent potential devastation, as ineffective mobile device and data security is something that will continue to generate concerns in the coming years.
Usman Rahim, Digital Security and Operations Manager, The Media Trust
September 02, 2019
The notion that only you can access your device is far from the truth.
The identification of these exploits targeting iOS devices proves that even products designed from the ground up to protect your privacy aren’t 100% secure. The notion that only you can access your device is far from the truth. Your device and the apps that run on it are supported by many third parties who can potentially access your behavioral and personal information, from how many steps you’ve taken this morning to where you bought your coffee to which article you read on which online publication. That’s just three of the many things you did this morning; it doesn’t include your location even with your GPS off, the credit card balance you paid off, and what pictures you IM’d to whom. This is today’s surveillance economy made possible by the digital ecosystem’s growing presence—with our unmindful consent–in our daily lives. And in this economy, the only way we can restore our privacy is for manufacturers, developers, online publishers, adtech/martech, data management providers, and everyone else in between, to work together on setting higher privacy and security standards that should include knowing who all their digital third parties are, what these third parties are doing and for what purpose, and uprooting these third parties from the digital ecosystem when they violate digital policies.