Google: Hackers have been monitoring and stealing iPhone user data for years

A large scale phone-hacking operation, which is said to have affected thousands of phones a week, has been revealed by Google researchers. The operation, which was disrupted by one of Google’s teams in January, had been going on for around two and a half years, putting thousands of people at risk.

According to Ian Beer, a security researcher from Google’s Project Zero, hackers were able to access device keychains – containing a wealth of personal information such as passwords – as well as chat histories, address books, banking data and more. Minute by minute location updates were also sent to hackers during the unprecedented breach.

Worryingly, almost no one was safe from the data breach, as the operation used a handful of hacked websites that installed malware onto user’s iPhones; all a person needed to do was visit the site, with no other significant interaction required. Even phones fully up-to-date could be targeted.

One piece of good news, however, is that the hack was only temporary – once users restarted their phones, the implant disappeared. Unfortunately, this doesn’t completely prevent hackers from stealing and storing private information from iPhone users, which could be used to access personal accounts well into the future.

Beer said that the majority of flaws were found in Safari, Apple’s default web browser. All in all 14 bugs were found across five exploit chains, covering almost every version of iOS from 10 through to the latest version of iOS 12. These ‘chains’ are a series of flaws that allow hackers to move from one bug to the next, increasing the size of their attacks each time.

According to Google, the security flaw was reported to Apple on 1 February, Apple then released a software update six days later on 7 February, apparently fixing the flaws affecting users.

What to do if you think you’ve been affected by the breach

Every iPhone user should check their device to ensure it’s running the latest iOS – iOS 12.1.4 – and consider changing the passwords and login details for any apps and services they are currently or have previously been subscribed to.

Users can check which iOs version they are currently running by navigating to settings | general | software update.