Google says a bunch of malicious websites have been secretly hacking iPhones for years

When you think of Apple products, you tend to think of them as more secure. Apple’s control over both hardware and the software that runs on it has made most users think they’re immune to viruses and other hacks.

They’re wrong in this assumption, as a group of researchers at Google have discovered a massive attack against iPhone users, that was using hacked websites to deliver the payloads.

The scary part? Just visiting the website on your iPhone is enough to get you attacked, and possibly infected by a monitoring implant.

A group of malicious websites has been hacking iPhones for years

Google’s Threat Analysis Group (TAG) collected five distinct iPhone exploit chains, based on combinations of 14 vulnerabilities. That level of sophistication means this is likely someone with huge backing, maybe even a nation-state. That’s because iPhone exploits are expensive, due to the difficulty of actually successfully attacking the device.

• TAG estimates that each of the malicious websites gets thousands of visitors per week
• Once installed, the monitoring implant stole files and uploaded live location data
• The monitoring implant could also see encrypted messages from services such as WhatsApp, Telegram, and iMessage, as it had access to a user’s keychain, the secure area that Apple stores user passwords and encrypted databases of those messaging services
• Rebooting the iPhone is enough to clear the infection, as the implant doesn’t have a persistent install

Yikes. I mean, this is terrifying. If you went to one of the unnamed sites, hackers have all your messages, all your passwords, all your logins… Apparently the A12 chip in the iPhone XS is mostly immune, but anyone with older devices could have been compromised. Probably a good idea to change all of your passwords, again.

What do you think? Surprised by the news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• Apple is finally letting independent businesses repair your iPhone
• Gmail has been keeping tabs on every single purchase you’ve made
• An Android app with 100 million downloads was pulled for spreading malware
• This sportswear from Wisenfit will literally supercharge your workouts