An incredibly massive hacking operation was revealed by the tech giant Google in which “thousands of users a week” were attacked.
According to The Guardian, the hackers “used a small collection of hacked websites to deliver malware on to the iPhones of visitors.” Basically, your information was stolen without your knowledge. You didn’t even have to click anything.
Things only get worse from there:
Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”
Fortunately, the operation was discovered in January.
“This was a failure case for the attacker,” Beer said, since the campaign was discovered and disrupted. “For this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.”
So the question remains: what can people do to stop their information from being stolen? Unfortunately, Beer says the answer isn’t clear.
“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Be careful what you click on out there friends. Be safe online.