Google helps Apple safeguard iOS-powered iPhones

Google helps Apple safeguard iOS-powered iPhones

Google Project Zero researchers found several security loopholes in the Apple iOS, which left millions of iPhones vulnerable to hacking and espionage.

Google's security researchers of Project Zero uncovered major flaws in iOS, which might have compromised the security of millions of Apple iPhones around the world.

After a detailed investigation, the Threat Analysis Group (TAG) of Project Zero detected five exploit-chains with 14 vulnerabilities, in all the versions from old iOS 10 to the latest iteration- iOS 12 series impacting iPhone 5S to iPhone X, which forms a very big user-base of more than 800 million.

Modus operandi of iPhone hackers:
After discovering the vulnerabilities in iOS, the cybercriminals hacked some high-traffic density websites and even created fake ones. 

Once the naive user opened the infected website on their iPhone, the bad actors would implant a bug that can remain undetected. Once inside, it is capable of stealing sensitive information from iMessage, WhatsApp, Telegram, Hangouts, Gmail, Contacts, Photos and also track GPS location in real-time.

It has come to the light that the hackers have been actively running the shady campaign infecting iPhones for two years. There is no information on how many iPhones have been compromised so far, but Project Zero report says the hacked website witnesses thousands of visitors per week.

It's ironic that arch-rival Google, which always gets brickbats for not doing enough protecting Android-powered phones from malware-faced apps in Play Store, is the one to find a hole (a gaping one) in the Apple's high-walled garden called iOS.

Read more | Trojan Android PDF converter app found on Google Play

This is a rare oversight by Apple, as it proclaims to be the champion of privacy, but could not detect so many severe security loopholes in the iOS. 

Google informed Apple about the anomalies in the iOS software in early 2019 and after going through the inputs, the former released a software update iOS 12.1.4 in early February to patch the glitches.


Major security flaws in iOS 10 to v12 has compromised millions of iPhones (Photo Credit: Google Project Zero Blog)

It can be noted that Apple, earlier in the week, released iOS 12.4.1 to the iPhones and iPads. In the latest update, the company did say, it has fixed several security issues including plugging the loophole to jailbreak an iPhone.

"Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them," Ian Beer, Project Zero, said in the blog post.

Here's How to safeguard your mobile phone from adware and other malicious threats:
1) Whether you have an Android mobile or iOS-based iPhone, always stay updated with the latest software. Both Google and Apple send regularly send firmware — especially security patches monthly or on a priority basis, whenever they detect threats. So, make sure you install the latest software.
2) Another good practice is to install a premium Antivirus software on mobile, which offer 24x7 protection. They are equipped to detect threats quickly whenever you unknowingly visit a shady website
3) Never ever open emails or SMS and click URL links sent from unknown senders 
4) Also, never install apps from unfamiliar publishers. 
5) Always download apps from Google Play or Apple App store only. Never install from any third-party app store.

Get the latest news on new launches, gadget reviews, apps and more on personal technology only on DH Tech.