A vulnerability has been discovered in the operating systems of iPhones that allows access to the files and databases of end-to-end encrypted apps.
Investigators at Google’s research team, Project Zero, found that WhatsApp, iMessage, Gmail, along with many other applications, can be accessed through a vulnerability in the phone’s software.
Through the flaw, hackers can make complete copies of the information on a victim’s phone with the aim of stealing valuable data.
Sending fake messages
Despite the discovery of the vulnerability, hackers have already managed to break into a few devices where they accessed messaging apps as well as personal files.
Project Zero has released a statement saying that when the communication boards are hacked, they send out messages as plain text over a server. Ian Beer who works for Project Zero says, “The implant runs completely in userspace, albeit unsandboxed and as root with entitlements chosen by the attacker to ensure they can still access all the private data they are interested in,”
Beer also discussed in the report that attackers were able to access “almost all” of the personal details that are on the phones. They could then unencrypt the data and add it to their own devices.
The operating systems that experienced the hack have been in the more modern versions of the phones, with iOS 10 through to iOS 12 having been affected. Five complete, separate and unique exploit chains were discovered in the phones.
What to do if a phone is hacked in this way
If a phone becomes attacked, Beer says that the solution is to reboot the device to prevent the exploitative from running. The problem can be triggered to run again if the user visits a compromised website, however.
“Earlier this year, Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day,” The Project Zero representative added.
Apple advises users to update their devices to the latest operating system to prevent flaws.