Google Android and Apple iPhone users have been put on alert about a ‘silent’ hacking bug
The threat was discovered by Google’s Project Zero team who claimed hackers previously had been able to access some iPhone users’ photos for years.
This was done if users simply visited a website, with the hacking campaign going on for two years.
Google’s Ian Beer, who discovered the bug, said “only a small collection” of websites had the capabilities to carry out the hacking campaign.
These websites are estimated to have received thousands of visitors each week.
Thankfully for Apple fans this bug has now been fixed so is no longer a threat to iPhone users.
In a blog post online Beer said: “There was no target discrimination – simply visiting the hacked site was enough for the exploit server to attack your site.
“And if it was successful, install a monitoring implant.
“We estimate that these sites receive thousands of visitors per week”.
Android makers Google have discovered a new bug which ‘silently’ access victims’ photos
It is not clear how many “thousands” of these visitors were Apple iPhone users.
Nor is it clear whether everyone that visited these compromised websites were themselves hacked or not.
Beer said: “[Google] was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.
“This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Google’s Project Zero team said the bug affected some iPhone devices
In the aftermath of these findings being released experts at cybersecurity firm SecureData claimed Google Android users may also have been targeted in a similar campaign.
Wicus Ross, a senior researcher at the firm, said: “Data we have collected regarding Apple iOS patch behaviour suggests that users patch frequently.
“The data shows that the adoption rate of new versions are relatively high compared to Android – new model iPhones/iPads will be updated quickly for example.
“However, there are a small percentage of users that do not upgrade to new versions of iOS or even apply security patches.
“These seem to stay constant over time and relate to older iPhone/iPad device models.
“It is these users that are much more likely to be affected by such a type of sustained broad-spectrum attack.”
Ross added: “The Google Project Zero blog post did not reveal much about the compromised web sites besides the ballpark number relating to site visitors.
“We don’t know what percentage of iOS users make up that number, but this is probably irrelevant.
“What is more important is that these types of attacks were happening.
“If this is true for iOS, then there is a good chance Android devices are also being targeted.
“Based on the numbers that we have; it is very likely that a similar campaign targeting Android devices will be much more successful.
“Our research shows that Android users patch behaviour leaves much to be desired.”
The Project Zero member Beer added that, if successful, the bug was able to let hackers access contact info, images and even GPS location.
This information was then sent back to a mystery server, and hackers could also mine information from apps like Instagram, WhatsApp and Gmail.
Google said Apple was notified of the issue on February 1 2019.
The tech giant swiftly patched the flaw six days later to protect users against it.
As always, it’s important to ensure your Apple iPhone is kept up-to-date with the latest software version.
Apple took just six days to patch the bug that Google reported to them
Apple’s support page says: “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security”.
Here is how to install the latest software patch on your iPhone…
• Plug your iPhone into a power socket, and connect to a Wi-Fi network
• Tap Settings > General > Software Update
• Tap ‘Download and Install’
• Tap ‘Install’ to update immediately, or tap ‘Later’ and choose ‘Install • Tonight’ to update while your phone is plugged in overnight
• You may have to enter your passcode
• Stay tuned to Express.co.uk for more Apple and Google news