In general, iOS has been seen as the most secure consumer platform around. Zero-day exploits have historically been limited and very narrowly targeted, usually by state-sponsored actors.
Earlier this year, Google uncovered a series of vulnerabilities, exploited via websites, that could be used to gain access to iOS’s Keychain, compromising everything from location data to messaging apps. Apple patched these holes in iOS 12.1.4, also earlier this year, but the bigger impact is how they change the way we think about iOS exploits. Wired’s Andy Greenberg and Lily Hay Newman have a good overview:
It also represents a deep shift in how the security community thinks about rare zero-day attacks and the economics of “targeted” hacking. The campaign should dispel the notion, writes Google Project Zero researcher Ian Beer, that every iPhone hacking victim is a “million dollar dissident,” a nickname given to now-imprisoned UAE human rights activist Ahmed Mansour in 2016 after his iPhone was hacked. Since an iPhone hacking technique was estimated at the time to cost $1 million or more—as much as $2 million today, according to some published prices—attacks against dissidents like Mansour were thought to be expensive, stealthy, and highly focused as a rule.
According to the Google research, thousands of users could have been affected by these exploits—that’s a far cry from narrower attacks, which generally aim for high-profile targets such as political dissidents.
Instead, these “watering hole” attacks could be used to target whole classes of people—say, minority groups oppressed by a regime, or large swaths of a citizenry—via deployment on websites frequented by those groups. It’s a sobering reminder that as good as a platform’s security might be, it’s never going to be perfect.