When it comes to security, it was long believed that the iPhone is one of the most heavy-duty devices in terms of hacking - see the case of the 'million dollar dissident' Ahmed Mansour. iPhone hacks are so rare and valuable that today they take an estimated one to two million dollars. And although governments have been using their heaviest weapons for years to obtain data from individual iPhones, a Google Research Team ('Google Project Zero') has now published information showing that hackers have been systematically - and successfully - attacking iPhones for two years.
The hacks were made possible only by a website visit: individual websites used exploit chains that link security vulnerabilities so that hackers can penetrate any layer of digital iOS protection. These rare and complicated code chains took advantage of a total of 14 security flaws and almost every version from iOS 10 to iOS 12 was potentially vulnerable. The sites have been active since at least 2017, with thousands of visitors per week. The research team notes that the operation is almost certainly the biggest known iPhone hacking incident of all time.
Experts say that those iPhone users who have been victims of this attack are unlikely to have received any indication that their devices were infected. Google also failed to mention the websites that served as infection mechanisms, as well as other details about the attackers or who their victims were. Google says they drew Apple's attention to the zero-day iOS vulnerabilities on February 1. Apple then patched them to iOS 12.1.4, released on 7 February.
Although the sum of one to two million dollars for a hacker attack on an iPhone was mentioned above, this only applies to individuals. If you scale this attack to a whole group, the price per case can be very cheap. To be targeted as a victim in such a case, it can be enough to simply be born in a certain geographic region or be part of a certain ethnic group, because for many governments around the world, such malware is exactly what they are looking for.
How can you protect yourself from such risks on the Internet?