Skip to main content

Google says hackers have been able to access your iPhone data for years

Image used with permission by copyright holder

iPhones from iOS 10 to recent versions of iOS 12 were open to having messages, images, and location data stolen by hackers through a web-based exploit, according to Google’s external security & research blog, Google Project Zero.

As part of a 30-month-long operation, researchers were able to take advantage of an exploit in Apple’s default web browser, Safari, to load malware onto devices. Simply landing on an infected webpage was all that was needed to infect an iOS device, and once deployed, the malware allowed hackers to access sensitive data from across the device. According to the extensive blog post, the earliest version of iOS infected by this exploit was iOS 10.0.1, meaning the security hole was likely in existence from at least September 2016.

Once the malware was loaded, the hacker had access to a wide variety of data from the infected device. The final post of the blog contains minute details of the data that could be siphoned from various apps. This included messages from WhatsApp, Telegram, and other otherwise secure messaging apps, accurate location data, and contact details. The malware could even take copies of images and emails received on the device, all without the user’s knowledge.

The malware would send an update every 60 seconds, ensuring the hacker always had an up-to-date version of all the stolen data. On the plus side, the hack could be cleared out by restarting a device, as the malware would not be stored in the local memory. As another side effect, this constant updating would also be likely to take a severe toll on the device’s battery life.

Thankfully for iOS users, Google reported this exploit to Apple on February 1 and it was apparently fixed via a security patch on February 7. However, that probably only accounts for devices on the latest version of iOS, iOS 12. While unverified, users of iPhones running older versions of iOS should be aware that this exploit potentially still exists. According to Apple, that only accounts for 12% of all active iOS devices, but it’s still a hefty chunk of users.

If you’re not sure what version of iOS you’re running, head to Settings > General > About, and see which version of iOS is listed under Software Version.

While always good advice, be careful of the websites you visit and avoid any clicking on any suspicious links. If you suspect you have been infected, restart your device to hopefully clear the malware. However, just because the malware has been cleared doesn’t mean you’re out of the woods yet. According to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”.

With that in mind, the only real solution to the exploit may well be upgrading to a new iPhone. The latest versions of iOS 12 (soon to be iOS 13) have been immunized against the exploit, so you’ll be able to surf in peace.

We have reached out to Apple for comment and will update when we hear back.

Mark Jansen
Mobile Evergreen Editor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
Will my iPhone get iOS 18? Here’s every supported model
Safari website homepage in iOS 18.

Apple has released iOS 18 to the general public. First announced at the Worldwide Developers Conference (WWDC) in June, the iPhone update features various new features, including a customizable home screen, a revamped Control Center, and changes to first-party apps.

There’s a lot to like here, so you might wonder whether your iPhone qualifies for the update.
Which iPhone models can download iOS 18?
The iPhone 14 Plus (left) and iPhone 15 Plus Andy Boxall / Digital Trends

Read more
The iPhone 16 is giving the iPhone 16 Pro a run for its money
The Camera Control on the iPhone 16.

Apple releases two sets of iPhones every year: the standard and the Pro models. The iPhone 16 series is no different, although its baseline models — the iPhone 16 and iPhone 16 Plus — appear to be performing better than expected and giving their Pro siblings some tough competition.

Ming-Chi Kuo, a respected Apple leaker with a steady track record, recently shared preorder statistics for the latest iPhones. The numbers are surprising, including lower demand for the Pro models. Historically, the iPhone Pro models have driven higher numbers. After all, who doesn't want the absolute top-of-the-line option?

Read more
Your iPhone and Apple Watch are getting huge software updates today
An iPhone home screen with iOS 18.

In June, Apple announced new software features for some of its most popular devices, including the iPhone and Apple Watch. Today, everyone with supported devices will receive the iOS 18 and watchOS 11 updates.

Apple has not officially announced the exact timing for today's new software updates, but they typically follow a consistent process for each update. It looks like iOS 18 and watchOS 11 will likely be released at 10 a.m. PT/1 p.m. ET. In addition to these updates, Apple will release iPadOS 18, macOS Sequoia, and visionOS 2.

Read more