Ian Beer of Google’s security research team, called Project Zero, wrote in a blog post that the websites had “thousands of visitors” per week for at least two years. The spyware was able to access users’ personal data, including messages, photos, and locations, according to Google. Apple did not immediately comment on Google’s findings. But the apparent security vulnerability should be a “wake up call” for the iPhone maker, according to an opinion piece in Tom’s Guide.
The pieces argues that Apple’s iOS had long been the “gold standard” operating system for security. The Google researchers’ revelation suggests that iPhones may not be as safe as previously assumed.
Former Facebook security head Alex Stamos said Apple’s lack of transparency and tight control over the iOS ecosystem may have contributed to the problem. “If Apple isn’t going to put in the work necessary to protect users then they should let others do so,” Stamos tweeted.
As CNBC reports, Google’s research feeds into such jabs against Apple’s campaign to differentiate itself based on privacy and security. “Tim Cook has personally lobbed attacks at the security and privacy issues affecting companies like Google and Facebook, and Project Zero has taken direct aim at that with this post,” according to CNBC. The CNBC report further notes that certain vulnerability identified by Google had already been fixed.
A state-base actor, likely China, used the malicious sites to target Uighur Muslims, reports TechCrunch, citing “sources familiar with the matter.” Microsoft and Android operating system users were also targeted, reports Forbes, citing its own sources.
One group apparently not much concerned by the disclosure: investors. Apple shares were down only modestly in trading the day after the Project Zero post, reports TheStreet.com.
In the blog post, Beer wrote that while he didn’t want to put a price tag on the attacks, the cost seemed like more than “$1 million, $2 million, or $20 million” due to the hackers’ ability to “monitor the private activities of entire populations in real time.”