" At the BlackHat 2019 conference in Las Vegas, Apple announced an extension to more researchers of its Bug Bounty program to detect flaws on the iPhone. With prices over $ 1 million for identifying security holes, among the highest prices in the market "Says cybersecurity researcher and fiction writer Guy-Philippe Goldstein. We finally understand why: in February 2019, Google had informed Apple of many cyber attacks, exploiting the vulnerabilities of almost all operating systems, from iOs 10 to the current version iOs 12. Apple had then released a security patch for the iOs 12.1.
"It is estimated that many thousands of Internet users go to one of these hacked sites every week"
In an article published Thursday, August 29 on the blog of Google's group of security experts, the "Project Zero" team returned to this event. These cyberattacks targeted several thousand iPhones, the team said after several months of investigation. The article also reveals that this hacking operation, carried out "blindly" and targeting groups of people at random, had been using websites for almost two years to implant malware on iPhones. Google did not want to disclose the list of sites concerned, nor the names or locations of the people who may have been hacked during this massive attack.
"There is no target in particular; it was enough to visit this hacked site for the operating server to attack your device and, if successful, install monitoring software. It is estimated that several thousand Internet users go to one of these hacked sites every week," says Ian Beer, an expert on Project Zero. The mission of this group of experts affiliated with Google is to "make the 0-day difficult". In other words: track down computer vulnerabilities that have not been published or have no known fix. This means making it difficult or impossible for flaws to exist against which there is no temporary or definitive protection.
From 2017 to 2019, the hacking operation identified by Google exploited about 14 security flaws in the iPhone's operating systems, seven of which were discovered in the Safari web browser. Once installed on the phone, the malicious software runs quietly in the background: "there is no visual indicator to know if it is active," says Ian Beer. "Its goal is the theft of data: files and live geolocation data. The malware returns this stolen data to a server every 60 seconds," says the Project Zero expert.
WhatsApp, Telegram, iMessage, Hangouts, Gmail affected
Hackers have had access to all applications, even those using end-to-end encryption – a communication system where only people who communicate can read exchanged messages – like WhatsApp, Telegram or iMessage. The software retrieves the photos and videos sent or received, the contact details of all contacts and reads the contents of the messages (text, date and time of sending, links exchanged …).
On the iOS version of Google Hangouts, Google experts say the hackers had access to the direct link to download all the images exchanged in conversations. On Gmail, the software managed to download email attachments. More generally, all contacts and photos taken by the iPhone were sent live to a server, every minute. One of the Project Zero researchers also tested this in Amsterdam, leaving his phone in his pocket and wandering around the city: the malicious software sent his geolocation in real time, up to once a minute.
Information such as the iPhone model, serial number, total and available storage space, and whether WiFi is activated is also collected by the spyware. Ian Beer says no personal information stored on the phone is safe; however, "if the phone is rebooted, the software will no longer work, unless the user returns to the compromised website". He adds that, given the amount of information stolen while the phone is in use, "hackers can maintain persistent access to various accounts and services by using credentials, even after losing direct access to the device".
Who could be behind this attack?
Today it is difficult to know who could be behind this massive attack. "We are dealing with a group of individuals who are making sustained efforts to hack users from certain communities over a period of at least two years," Ian Beer analyzes. For his part, Guy-Philippe Goldstein relies on the cost of organizing this kind of cyberattack to propose a profile: "The level of sophistication is quite advanced; knowing that 2 iPhone zero-days are selling for between $100,000 and $1 million, hackers have big means. Maybe organized criminal groups or nation-states. Nevertheless, the target appears broad, which could exclude intelligence agencies that have very specific needs in terms of collection or analysis".
The group at the origin of this attack could also very well be building a database which could be re-exploited later by "actors with specific needs in terms of political intelligence, technical, military, or in terms of villainous action," says Guy-Philippe Goldstein. To learn more, it would have been necessary for Google to disclose the websites used to trap iPhone users, but this has not been made public.
Ian Beer said that in this case the hackers failed and ended up being unmasked, "but there are certainly others to discover". He encourages users to be extra careful when using any device with Internet access. "Being targeted by an attack may simply mean that one is born in a certain geographic area or belongs to a certain ethnic group. All users must be aware that mass attacks exist and that we must act accordingly. Mobile devices are an integral part of their lives today, but once compromised they can serve as databases and be used against them."
Illustration: montage made from a royalty-free image from Pixabay.