• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

Google Security Researchers Detail Major Attack Against iPhone Users

August 30, 2019

Google Security Researchers Detail Major Attack Against iPhone Users

Thousands of iPhone users may have had their devices hacked by malicious code found in a handful of websites, according to security researchers with Google.

The security vulnerability has been revealed through a new blog post from Google’s Project Zero team member Ian Beer. The post describes a small group of websites that were likely visited thousands of times a week; when users visited the sites on iPhone browsers, malicious code on the sites would seek to gain access to their iPhone devices, and, if successful, install code that would enable the theft of files and the monitoring of location data.

Users could eliminate the implanted code by rebooting their iPhones. But arguably the most serious security threat of the attack is that the malware was designed to try to access the iPhone’s Keychain system, which can contain sensitive information including passwords to various online accounts as well as databases of encrypted messaging apps like WhatsApp and Apple’s iMessage. In cases where the Keychain was compromised, hackers could theoretically still have this sensitive data even after users rebooted their iPhones.

Google’s researchers warned Apple about the security vulnerability in February, and Apple addressed it in an iPhone software update shortly thereafter. But with Google’s Beer noting that the security vulnerabilities affected iOS versions 10 through 12, it’s possible that related hack attacks were being undertaken over the course of two years.

In reporting on the Project Zero post, Motherboard asserts that this security issue may represent one of the largest attacks against iPhone users in the product line’s history.

For Apple, the security vulnerability’s revelation is especially embarrassing given the company’s emphasis on strong security and privacy protections for its devices’ users. And it both highlights and undercuts the value of the kind of sophisticated biometric security measures that Apple has implemented for user authentication: On the one hand, a 3D facial recognition system like the iPhone’s Face ID offers no protection against malware designed to quietly infect the device while it’s in use; yet at the same time, Face ID and other forms of biometric authentication can help to keep digital accounts secure even if the passwords in a user’s Keychain have been compromised.

For his part, Google’s Beer is no Pollyanna on iPhone security, asserting in his post that “for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.”

Sources: Project Zero, Motherboard, The Verge

Filed Under: Featured, Industry News Tagged With: Apple, Biometric, biometric authentication, biometrics, cybersecurity, digital security, Face ID, facial recognition, hack attacks, iPhone, iPhone security, malware, mobile authentication, mobile biometrics

Related News & Articles

Samsung Features Qualcomm Processors and Fingerprint Sensors in New S21 Series

Onfido Reports 82% ARR Growth After 2020 Spike in Remote Onboarding Demand

FDA Certifies Medical-Grade ScanWatch Device

Primary Sidebar

Learn About Mobile ID and Aviation

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Mastercard Solution Certified Under UK’s Digital ID Framework
  • Transatlantic Digital Traveler Identity Project Gets High-Profile Tech Partner
  • Digital Identity Tech Demo Online Event
  • Mobile ID Comes to Another US Campus
  • New York DMV Developing Mobile Driver’s License

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld