Google Project Zero reveals malicious websites habitually attacked iPhones for years

iphone 6 plus
An iPhone 6 Plus William Hook/Flickr

The security researchers at Google have found a number of malicious websites, if visited, would easily hack into a victim's iPhone by exploiting a set of previously undisclosed software flaws.

Google's Project Zero, which is a team of security analysts employed by the tech giant on a task to find zero-day vulnerabilities, said that the websites were visited thousands of times per week by unsuspecting victims and they described it as "indiscriminate" attack.

Ian Beer, a security researcher at Project Zero said that visiting the hacked site was enough for the exploit server to attack a user's device and if successful, would "install a monitoring implant" and these websites had been hacking iPhones over at least two years.

The researchers from Project Zero said that during the process they detected five distinct exploit chains involving 12 separate security flaws, which include Safari, the inbuilt web browser of iPhones.

Ian Beer explained that five separate attack chains allowed an attacker to gain "root" access to the device and while doing so attackers could gain access to the iPhone's full range of features which are normally off-limits to the user.

It also means that an attacker could very easily install malicious apps to spy on an iPhone owner to steal details without letting him know. As per Google's Threat Analysis Group (TAG), such vulnerabilities were used to steal a user's photos and messages, as well as track their immediate location and, could access on-device bank details and saved passwords.

The analysis also revealed that these vulnerabilities affect iOS 10 through to the current software version iOS 12.

Google released the analysis on these vulnerabilities in February and then Apple issued a fix with iOS 12.1.4 for iPhone 5s and iPad Air and later.

It should be noted that Apple recently increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can target an iPhone and gain root-level privileges without making the user know about the invader.

However, as per Project Zero's Ian Beer, it's possible other hacking campaigns are currently in action.