
Google says hackers have put 'monitoring implants' in iPhones for years - adrianmsmith
https://www.theguardian.com/technology/2019/aug/30/hackers-monitoring-implants-iphones-google-says
======
snazz
You can read about it from Project Zero here:
[https://googleprojectzero.blogspot.com/2019/08/a-very-
deep-d...](https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-
into-ios-exploit.html)

That page answers all your questions about which devices were vulnerable and
for how long.

Note that this article is also currently in the #1 spot on HN.

~~~
fergbrain
Google TAG gave Apple a 7-day deadline...and Apple met it. That’s amazing.

------
kerng
Interesting, article but lacking a lot of details.

This coming from Google, a direct competitor, certainly also looks a bit
marketing phishy.

After the very recent large scale Google Play malware campaigns were uncovered
(like CamScanner) it appears also pretty well timed to distract and divert
from Google's own problems.

~~~
tyingq
It is interesting, given that Google's approval process for apps seems
obviously less comprehensive than Apple's. Of course, neither is perfect.

------
gaspoweredcat
they fail to note which versions/devices are vulnerable, i suspect this must
use some sort of webkit jailbreak method which only works against a handful of
vulnerable device/os combos (they may have an 0day which works against every
ios variant but i highly doubt it)

yet more overly sensational articles that miss the finer details and only
serve to fill people up with fear and doubt. le sigh

~~~
tetromino_
Basically all supported iPhone models (5s through X inclusive) were not just
vulnerable but _actively exploited_ for over 2 years (September 2016 through
January 2019) until the vulnerabilities were fixed in iOS 12.1.4. The attack
was through the web browser, you didn't need to install any additional any
additional apps to get hacked, visiting the attacker's website was enough.
This is as bad as it sounds.

[https://googleprojectzero.blogspot.com/2019/08/a-very-
deep-d...](https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-
into-ios-exploit.html?m=1)

~~~
gaspoweredcat
well shut my mouth, that is far more advanced than i expected it to be, hats
off to them for actually getting it to work on that level in the wild rather
than just in lab settings is pretty damn impressive

i know im probably supposed to say its "bad" or "evil" but that doesnt mean i
cant be technically impressed, i was one of the poor unfortunate fools to get
a system crushed by the CIH virus back in the day but it didnt stop me being
pretty blown away at what it did

------
bhouston
Who was behind this one? This seems to be incredibly severe.

