Skip to main content

Google says hackers have been able to access your iPhone data for years

Image used with permission by copyright holder

iPhones from iOS 10 to recent versions of iOS 12 were open to having messages, images, and location data stolen by hackers through a web-based exploit, according to Google’s external security & research blog, Google Project Zero.

As part of a 30-month-long operation, researchers were able to take advantage of an exploit in Apple’s default web browser, Safari, to load malware onto devices. Simply landing on an infected webpage was all that was needed to infect an iOS device, and once deployed, the malware allowed hackers to access sensitive data from across the device. According to the extensive blog post, the earliest version of iOS infected by this exploit was iOS 10.0.1, meaning the security hole was likely in existence from at least September 2016.

Once the malware was loaded, the hacker had access to a wide variety of data from the infected device. The final post of the blog contains minute details of the data that could be siphoned from various apps. This included messages from WhatsApp, Telegram, and other otherwise secure messaging apps, accurate location data, and contact details. The malware could even take copies of images and emails received on the device, all without the user’s knowledge.

The malware would send an update every 60 seconds, ensuring the hacker always had an up-to-date version of all the stolen data. On the plus side, the hack could be cleared out by restarting a device, as the malware would not be stored in the local memory. As another side effect, this constant updating would also be likely to take a severe toll on the device’s battery life.

Thankfully for iOS users, Google reported this exploit to Apple on February 1 and it was apparently fixed via a security patch on February 7. However, that probably only accounts for devices on the latest version of iOS, iOS 12. While unverified, users of iPhones running older versions of iOS should be aware that this exploit potentially still exists. According to Apple, that only accounts for 12% of all active iOS devices, but it’s still a hefty chunk of users.

If you’re not sure what version of iOS you’re running, head to Settings > General > About, and see which version of iOS is listed under Software Version.

While always good advice, be careful of the websites you visit and avoid any clicking on any suspicious links. If you suspect you have been infected, restart your device to hopefully clear the malware. However, just because the malware has been cleared doesn’t mean you’re out of the woods yet. According to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”.

With that in mind, the only real solution to the exploit may well be upgrading to a new iPhone. The latest versions of iOS 12 (soon to be iOS 13) have been immunized against the exploit, so you’ll be able to surf in peace.

We have reached out to Apple for comment and will update when we hear back.

Editors' Recommendations

Mark Jansen
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
UPS worker accused of nabbing $1.3M worth of iPhones and other Apple gear
A MacBook and iPhone in dark red light.

The desirability and high value of iPhones and other Apple devices make the gear a popular target for criminals looking to make a fast buck.

In the latest such case, a now former UPS employee is accused of stealing more than $1.3 million worth of Apple iPhones and laptops from the shipping company’s warehouse in Winnipeg, Canada, before selling them in an operation that continued for seven months, the Winnipeg Free Press reported this week.

Read more
iPhone 16 buyers may be treated to slimmer bezels and bigger screens
Lock Screen on the iPhone 15 Pro Max.

Apple is reportedly planning to further shrink bezels with the upcoming iPhone 16 series. According to Korea’s Sisa Journal, Apple is banking on a new display tech called BRS (Border Reduction Structure) that has allowed suppliers like Samsung, LG, and BOE to reduce the size of the black borders around the screen.

Notably, all four iPhone 16 trims will get the display tech upgrade, but its true benefits will be reserved for the pricier Pro models. The report, citing market research firm Omdia, notes that both the Pro models will see their screen size go up by 0.2 inches thanks to slimmer bezels.

Read more
My iPhone’s keyboard is driving me crazy
Words displayed on an iPhone's screen in the Notes app, with the keyboard below them.

Abe, Ann, Anne, Anna, Ana, Ave, AB’s. These words are the bane of my life, as all too often my iPhone thinks I'm typing them instead of the word “and.” It happens shockingly often, to the point where I begin to think it’s doing it deliberately to troll me.

I’m an iOS keyboard fan, but it’s getting to the point where I’m going to have to make a big change unless Apple does something about it.
It’s always the word 'and'

Read more