![]() And Quintin points out that the campaign's mass infection tactics imply a government that wants to surveil a large group that might self-select by visiting a certain website. It remains far from clear who might be behind the brazen campaign, but both its sophistication and focus on espionage suggest state-sponsored hackers. The sites were active since at least 2017, and had thousands of visitors per week. Almost every version of iOS 10 through iOS 12 was potentially vulnerable. Google's researchers say the malicious sites were programmed to assess devices that loaded them, and to compromise them with powerful monitoring malware if possible. They were also used anything but sparingly. The rare and intricate chains of code took advantage of a total of 14 security flaws, targeting everything from the browser's "sandbox" isolation mechanism to the core of the operating system known as the kernel, ultimately gaining complete control over the phone. A handful of websites in the wild had assembled five so-called exploit chains-tools that link together security vulnerabilities, allowing a hacker to penetrate each layer of iOS digital protections. On Thursday evening, Google's Project Zero security research team revealed a broad campaign of iPhone hacking. And they've indiscriminately hacked thousands of iPhones just by getting them to visit a website. But a discovery by a group of Google researchers has turned that notion on its head: For two years, someone has been exploiting a rich collection of iPhone vulnerabilities with anything but restraint or careful targeting. Hacking the iPhone has long been considered a rarified endeavor, undertaken by sophisticated nation-states against only their most high-value targets.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |