• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

Google Security Researchers Detail Major Attack Against iPhone Users

August 30, 2019

Google Security Researchers Detail Major Attack Against iPhone Users

Thousands of iPhone users may have had their devices hacked by malicious code found in a handful of websites, according to security researchers with Google.

The security vulnerability has been revealed through a new blog post from Google’s Project Zero team member Ian Beer. The post describes a small group of websites that were likely visited thousands of times a week; when users visited the sites on iPhone browsers, malicious code on the sites would seek to gain access to their iPhone devices, and, if successful, install code that would enable the theft of files and the monitoring of location data.

Users could eliminate the implanted code by rebooting their iPhones. But arguably the most serious security threat of the attack is that the malware was designed to try to access the iPhone’s Keychain system, which can contain sensitive information including passwords to various online accounts as well as databases of encrypted messaging apps like WhatsApp and Apple’s iMessage. In cases where the Keychain was compromised, hackers could theoretically still have this sensitive data even after users rebooted their iPhones.

Google’s researchers warned Apple about the security vulnerability in February, and Apple addressed it in an iPhone software update shortly thereafter. But with Google’s Beer noting that the security vulnerabilities affected iOS versions 10 through 12, it’s possible that related hack attacks were being undertaken over the course of two years.

In reporting on the Project Zero post, Motherboard asserts that this security issue may represent one of the largest attacks against iPhone users in the product line’s history.

For Apple, the security vulnerability’s revelation is especially embarrassing given the company’s emphasis on strong security and privacy protections for its devices’ users. And it both highlights and undercuts the value of the kind of sophisticated biometric security measures that Apple has implemented for user authentication: On the one hand, a 3D facial recognition system like the iPhone’s Face ID offers no protection against malware designed to quietly infect the device while it’s in use; yet at the same time, Face ID and other forms of biometric authentication can help to keep digital accounts secure even if the passwords in a user’s Keychain have been compromised.

For his part, Google’s Beer is no Pollyanna on iPhone security, asserting in his post that “for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.”

Sources: Project Zero, Motherboard, The Verge

Filed Under: Featured, Industry News Tagged With: Apple, Biometric, biometric authentication, biometrics, cybersecurity, digital security, Face ID, facial recognition, hack attacks, iPhone, iPhone security, malware, mobile authentication, mobile biometrics

Related News & Articles

STMicroelectronics Announces New NFC Module for Wearables

Fingerprint Cards Ticks Off Latest Mobile Integrations

Selfie Onboarding Specialist Waves Fees for Ukrainian Businesses, Relief Fund

Primary Sidebar

Register For the Next Virtual Identity Summit

Travel & Hospitality Biometrics Online Summit
Register now!

Tweets

Sponsored Links

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi's product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Four UK MNOs Join Tru.ID’s SIM Authentication Service
  • Engineering VP’s Appointment May Point to NECAM’s Digital ID Ambitions
  • Foundation for Advancing Security Talent to Study Industry’s Hiring Practices
  • Selfie Onboarding Specialist Names New CFO
  • AU10TIX Provides Selfie Onboarding for Israeli Digital Bank

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2022 MobileIDWorld