Last week, Google’s counterespionage group Threat Analysis Group (TAG) published findings of a malware attack that targeted iPhones for “at least two years.” The hack consisted of what is known as a watering-hole attack, where hackers install malware onto specific websites and visitors of those sites unknowingly download the malware to their device. Once installed, hackers were able to monitor user activity and export sensitive information such as passwords, contacts, messages (including encrypted conversation through apps like WhatsApp), and location data.
Google’s TAG team discovered the attack this past January. They notified Apple of the issue on the 1st of February and Apple released a security update seven days later that brought an end to the vulnerability. However, while the updated removed the malware from infected iPhones, any information taken by the attackers remains in their hands.
Despite the in-depth look at the attack that Google released, information on who was behind the attack, what websites were infected, and whose data was stolen have not been verified by either Google or Apple. However, since Google’s report, a number of news sources have started to fill in the pieces. Because of the highly sophisticated nature of the attack, many quickly speculated the attack was nation-state backed. Then, over the weekend TechCrunch released an article with sources claiming the attack infected websites designed to target China’s Uyghur minority. A day later Forbes confirmed TechCrunch’s report, also reporting the attack targeted Android and Windows users too. Google and Apple, for their part, have not confirmed these reports.
Unanswered Questions
News of the attack has raised a lot of questions. Among them, why are we just learning about all this now? While Apple did make note of the exploits in their February update announcement, the language used was such that the scope of the attack was completely unknown until now. While it is always important to apply updates to any device as quickly as possible, it’s possible that without understanding the severity of the attack, many users could have left themselves exposed by putting off the update for another day.
Another reason this news is so important is that Apple is often considered to have some of the most advanced cybersecurity defenses out there. Because of the perception that Apple products — and iPhones in particular — are safe from attack, user’s may not properly understand the risks posed. As Ian Beer, author of the Google report, says, “real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you’re being targeted.”
While this news doesn’t mean iPhone users should go throw their phones away, it does serve as a wake-up call. No matter the device, all users need to take steps to ensure their information is remaining protected, the least of which by updating devices quickly. Because, as Beer states, “for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.”
