Cyber society is impressed with the Project Zero report about the discovery. Nothing special but the most significant attack on iPhones.
Apple’s iPhone is globally appreciated for its hard-to-hack system, and people can't help buying it even if the price bites.
Google researchers got proof of the well-planned assault. A lot of things are obscured, a lot of things regular users will never know. This story is hacked from top to toe.
What's the deal?
Project Zero team found hacked sites which were aimed to attack Apple smartphones through a system vulnerability. The black hats made a trap - the website masked as a simple site. Nothing suspicious but since you've visited this place you become a victim. Besides, it was not a particular single platform, and there were several such websites able to settle down an implant on the device.
The info source named "Motherboard" said that the so-called implant strives to get access to the keychain of iPhone and get approach to account credentials with certificates. Further, the malware can reach the content of messengers or actual location.
In general, the attack is rather purposeless as usually scam programs contain a link which must be sent to the object. But this case is more tricky because to be infected; the user had to enter the site. Can you imagine how many users could do that?
Attack complications.
From the report of Project Zero, we also find out that there is a "Zero Day" term, which is very important for security protectors. This is the sticking-point of silence before the storm, meaning that until developers didn't detect the system bug, the bad guys can make use of it and harm your product.
Evidently, the situation was more than emergency as researchers urgently reported about the accident to Apple office and demanded to patch defects within 7 days, instead of the standard 90-day period. The malware was designed to injure iOS versions 10 through 12, which means that the hackers were gathering data over two years. Apple notified the vulnerabilities were removed in the 12.1.4 version and the FaceTime bug as well.
The outcome.
Although the campaign was closed and the defects were deleted, the damage is done. Researchers suppose that there could still be some fallouts or similar exploits are waiting for them in future.
