Estimated reading time: 1 minute, 50 seconds

Google Found a Big iPhone Security Flaw. What Does it Mean?

A claim by Google researchers that malicious websites managed to put spyware on potentially thousands of iPhones has raised questions about the state of Apple’s cybersecurity.

Ian Beer of Google’s security research team, called Project Zero, wrote in a blog post that the websites had “thousands of visitors” per week for at least two years. The spyware was able to access users’ personal data, including messages, photos, and locations, according to Google. Apple did not immediately comment on Google’s findings. But the apparent security vulnerability should be a “wake up call” for the iPhone maker, according to an opinion piece in Tom’s Guide.

The pieces argues that Apple’s iOS had long been the “gold standard” operating system for security. The Google researchers’ revelation suggests that iPhones may not be as safe as previously assumed.

Former Facebook security head Alex Stamos said Apple’s lack of transparency and tight control over the iOS ecosystem may have contributed to the problem. “If Apple isn’t going to put in the work necessary to protect users then they should let others do so,” Stamos tweeted.

As CNBC reports, Google’s research feeds into such jabs against Apple’s campaign to differentiate itself based on privacy and security. “Tim Cook has personally lobbed attacks at the security and privacy issues affecting companies like Google and Facebook, and Project Zero has taken direct aim at that with this post,” according to CNBC. The CNBC report further notes that certain vulnerability identified by Google had already been fixed.

A state-base actor, likely China, used the malicious sites to target Uighur Muslims, reports TechCrunch, citing “sources familiar with the matter.” Microsoft and Android operating system users were also targeted, reports Forbes, citing its own sources.

One group apparently not much concerned by the disclosure: investors. Apple shares were down only modestly in trading the day after the Project Zero post, reports TheStreet.com.

In the blog post, Beer wrote that while he didn’t want to put a price tag on the attacks, the cost seemed like more than “$1 million, $2 million, or $20 million” due to the hackers’ ability to “monitor the private activities of entire populations in real time.”

Read 3404 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.