Last week, Google’s Project Zero team dropped a bombshell in a blog post. The post A very deep dive into iOS Exploit chains found in the wild says how malicious websites have hacked iPhones for years simply by a victim accessing its webpages. This has raised concern to people using iPhones as how exploits could be heard only after a successful attack.
Now, the question is, should only the users of the iPhone be concern about this hack? No, in fact, multiple sources with knowledge of the situation said that other than the iPhone, the attack was spread to other devices. The websites that launched the hacks also spread the exploit to both Android devices and Windows PCs.
The purpose and target of the attack
The aim of the exploit was to infect the computers and smartphones of the Uighur ethnic group in China. Uighur as a small Muslim community in China has long been targeted by the Chinese government, particularly in the Xinjiang region. The hack was carried out to gain access to private data including passwords, photos, videos, and databases. The attackers were also able to detect the apps installed on a device and mined victims’ data. This they carried out by exploiting popular services such as WhatsApp, Instagram, Telegram, iMessage as well as Gmail and Hangouts.
How could someone become a target
All a victim had to do is to visit a vulnerable website and click on a redirect link. This which is supposed to be a harmless act is all that is needed to infect a victim’s phone with malware. Consequently, the attackers would be granted access to copy data from the phone. The aim was to mine victims personal data and the exploit was carried out successfully over a period of two years. Moreover, the attacks were updated over time due to the changes and upgrade of different operating systems used by the Uighur community.
Both iPhone, iOs and Android should be concern of this hack
Although, Apple was prompt to patch the vulnerabilities used for these exploits immediately they were informed by Google in February. Still, if such hack could be exploited for years without notice, then more are still undercovered and victims can be anyone. You really should be concern if you use a Smartphone and it doesn’t matter what the brand or model.
Even if your phone uses a strong password or biometric encryption, you still can not be saved from this type of attack. For the reason that you’re on the internet and can stumble across a webpage that has such malware embedded. Still, you could be a victim and likely not know you have been hacked. In all, you just have to try and apply safe practices anytime you browse the internet to reduce your chances of becoming a victim. This you can do by only following links from trusted people and don’t wander around any non-reputable sites. But even at this, you still can’t be too careful, malware is everywhere and seeking to invade you. You just should take your online security seriously and try to do the best you can to be saved.
Hence, this is not the only threat out there but the most recently known for now. There’s still several kinds of malware and they all have one goal; to steal your data. Please always be careful out there.
For questions or suggestions, we are a click away.
Please leave a comment below.