.png "back to home page")
Implant Teardown [googleprojectzero.blogspot.com]iPhone hack attack: Google says hackers placed 'monitoring implants' in iPhoneshttps://t.co/mDqa7vEEbW
— ??#Dark2Light? (@ScrapperChris) August 30, 2019
Google says HACKERS spent 2yrs TARGETING & placing monitoring implants in ?
— GaPeach?4Trump (@GA_peach3102) August 30, 2019
The implants have the ABILITY to STEAL PRIVATE DATA, photos & GPS location in real-time.?They where placed on phones of users who visited certain hacked websites #ProjectZerohttps://t.co/uFqcLguXOU pic.twitter.com/Rsl5twn4eZ
iPhone hack attack: Google says hackers placed 'monitoring implants' in iPhoneshttps://t.co/Q68dbBLM3X
— Nicki ??❤️✝️⭐️⭐️⭐️ (@cheerio15) August 30, 2019
iPhone hack attack: Google says hackers placed 'monitoring implants' in iPhoneshttps://t.co/AVeXLtmppp
— Bama fanatic??@fanatic_bama (@Bamafanaticfan1) August 30, 2019
Keeps Just Happening To Google, Facebook, Twitter No Way To Control These Hackers???@GOP @SenateGOP @realDonaldTrump @JudicialWatch
iPhone hack attack: Google says hackers placed 'monitoring implants' in iPhones https://t.co/QodrwseprS #FoxNews
— Cecelia Utnik (@Kintu3) August 30, 2019
Hi Friends, if you have an iPhone please update your software now! BBC News - Google finds 'indiscriminate iPhone attack lasting years' https://t.co/KhcnYHa8db
— Produce Like A Pro (@ProduceLikeAPro) August 30, 2019
Here we go. Surprised no Apple comment yet. They fixed the issue in Feb, but still.https://t.co/YGh9geQEnM
— Dave Lee (@DaveLeeBBC) August 30, 2019
Hackers use Safari bugs to implant malicious software in web sites; see details on what British researcher from Google discovered about this iPhone attack https://t.co/dBWbcCBfwF @BBCNews #cybersecurity #infosec pic.twitter.com/PdcVVaz6Lg
— AT&T Cybersecurity (@attcyber) August 30, 2019
BBC News - Google finds 'indiscriminate iPhone attack lasting years' https://t.co/ayyUowC2o6
— the painter flynn (@thepainterflynn) August 30, 2019
Google finds evidence of attempted mass iPhone hack https://t.co/SYCcSUrCjP
— Hadas Gold (@Hadas_Gold) August 30, 2019
Google has uncovered evidence of a sustained effort to hack large numbers of iPhones over a period of at least two years-cybersecurity experts "discovered a small collection of hacked websites" that exploited vulnerabilities in Apple's (AAPL) smartphones. https://t.co/9H6e30Nxyj
— Amee Vanderpool (@girlsreallyrule) August 30, 2019
Privacy is an illusion in digital world. https://t.co/tJCyPFN8Af
— savic ali (@savicali) August 30, 2019
I’m trying to decide if learning of indiscriminate iOS zero day attacks in the wild is just incredibly concerning, or the biggest iOS security news since the launch of the platform:https://t.co/R4abZiPNZX
— Rich Mogull (@rmogull) August 30, 2019
Strategic iOS Attack —>
— Kenneth Geers (@KennethGeers) August 30, 2019
“rare and intricate chains of code exploited a total of 14 security flaws” https://t.co/b29oTYFoZs
There's a lot to say about the iPhone watering hole attacks, but if you work with vulnerable groups in China this, and the fact that P0 talked about "entire populations", means should you take extra notice of what happened https://t.co/XFlNluJW9H https://t.co/ceIe1kZEsG pic.twitter.com/IrGC7efG4l
— Martijn Grooten (@martijn_grooten) August 30, 2019
This is wild. A group were using hacked websites to indiscriminately exploit iPhones using zero days exploits, and somehow went unnoticed for years.https://t.co/B7KWkH5wrt
— MalwareTech (@MalwareTechBlog) August 30, 2019
As this has filtered from the security community to the mainstream, something's been lost in translation, so I want to be explicit: this is not an aggressive move by Google, and it's not part of the wider conflict between the two companies. https://t.co/QSHKE39Qwl
— alex hern (@alexhern) August 30, 2019
All I am going to say about the iOS exploit chains write up by Project Zero is: “Bloody Hell!”. In the most profound British understatement tone I can muster.https://t.co/SIjWoZC8w9
— Arrigo Triulzi (@cynicalsecurity) August 30, 2019
Thousands of iPhones per week have been indiscriminately hacked for YEARS and no one knew: https://t.co/oqY53SwQid
— Motherboard (@motherboard) August 30, 2019
If Apple allowed browser engine diversity on iOS, then fewer than 100% of iOS users would have been vulnerable over this 2 year period https://t.co/Bed5hTmhn0
— Malte Ubl (@cramforce) August 30, 2019
not to be _dramatic_ but this actually does change everything https://t.co/4VAfjKKis6
— Lily Hay Newman (@lilyhnewman) August 30, 2019
It's darkly ironic that Apple is the company that is demonstrating the end point of late-90's fears about Microsoft.
— Alex Stamos (@alexstamos) August 30, 2019
✅Rent seeking via platform control.
✅Content moderation on behalf of autocracies
✅Risk of software monoculture[1]
[1] https://t.co/8lorOSZxsW
this is crazy crazy crazy crazy crazy. Upends everything I thought I knew about iPhone security. https://t.co/sEs2eUZgfH
— Jason Koebler (@jason_koebler) August 30, 2019
This, plus a hardcoded HTTP IP address is amateur hour. Contrast that with multiple exploit chains and sandbox escapes and it sure sounds like a group with tons of money to buy exploits and little operational experience. So many thoughts right now...https://t.co/dpJMuvk96U pic.twitter.com/0UAHlxbMYc
— Jake Williams (@MalwareJake) August 30, 2019
A dig from a Googler about Apple's ostensibly security-minded (in part) reason for allowing only its own browser engine on iOS & iPadOS. (Chrome, Firefox, etc. are available on iOS, but unlike on MacOS, Windows, Android, are required to use Apple's WebKit browser engine.) https://t.co/DxPLPIW8xk
— Stephen Shankland (@stshank) August 30, 2019
can someone tell me the rationale of google disclosing all this info but not identifying the sites?
— rat king (@MikeIsaac) August 30, 2019
is it in fear of drawing people to them? https://t.co/1nMqswLLgH
Google's Threat Analysis Group found hacked sites being used in watering hole attacks using five distinct iPhone 0-day exploit chains. The websites had thousands of visitors per week. Project Zero's analysis starts here: https://t.co/QRjrvHI3Uw
— Patrick Howell O'Neill (@HowellONeill) August 30, 2019
Apple iOS has been considered the most secure smartphone OS. Disconcerting that flaws could be strung together not only to own the phone, but to do it in bulk for all users visiting a compromised/ing web site. https://t.co/Fj6KmeM90D pic.twitter.com/TZoG87Gzqm
— Jonathan Zittrain (@zittrain) August 30, 2019
The implant was used to steal location data and files like databases of WhatsApp, Telegram, iMessage. So all the user messages, or emails. Copies of contacts, photos, https://t.co/AmWRpbcIHw pic.twitter.com/vUNQDo9noJ
— Lukasz Olejnik (@lukOlejnik) August 30, 2019
As you read this, don’t forget how often various government types have complained that our mobile devices are now too secure for them to investigate crimes. https://t.co/jcXrlFJpOY
— Rob Pegoraro (@robpegoraro) August 30, 2019
Wow. This Project Zero discovery is insane. Some unnamed entity (obviously a government) had 7 Safari 0-days that have been quietly compromising iPhones for years — all the way back to iOS 10. Anyone who visited these unnamed sites were sunk. https://t.co/GKFLOMz7rz
— Daniel Sinclair (@_DanielSinclair) August 30, 2019
HUGE mobile security news: Google found malicious websites indiscriminately hacking iPhones using at least 5 separate exploit chains w/ *14* individual 0days. https://t.co/4ArWjGi6Ra
— Eric Geller (@ericgeller) August 30, 2019
This is like finding a live colossal squid at the beach. Just *one* iOS 0day goes for >$1m. pic.twitter.com/W4m7XOwopl
Terrific drill-down on a web-based iOS exploit chain. But, I can’t find any info on what kind of sites were being used? If they were a tiny cluster in a remote region vs. major multinational, it’s a very different threat level.https://t.co/CZM4SksLMN
— Rene Ritchie (@reneritchie) August 30, 2019
So, people with access to big chunks of network traffic should probably scout for HTTP POSTs to "/list/suc?name=". https://t.co/fnYohmK6q0
— Costin Raiu (@craiu) August 30, 2019
the iOS 0-day/implant that google TAG found just really goes to show you why there is such a big market for iOS 0-days. With the right exposure, its intelligence goldmine that reaps massive dividends.
— The Arcanist (@da_667) August 30, 2019
Many things to learn from this incident, but one is the safety cost of anti-competitive iOS App Store policies.
— Alex Stamos (@alexstamos) August 30, 2019
Chrome/Brave/Firefox are required to use the default WebKit/JS. If Apple isn't going to put in the work necessary to protect users then they should let others do so. https://t.co/Nn6pRl2NLg pic.twitter.com/lEdSjCpfUX
This is a huge find by Google's team. Attribution for these sites is going to be critical to understanding what impact they might have had. https://t.co/MNFW7SakQU
— Alex Stamos (@alexstamos) August 30, 2019
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years https://t.co/R3Yo1VFVwn
— Shay (@redshoefoto) August 30, 2019
Every #iPhone can be #hacked just by visiting a website, which triggers WebKit #exploits to #attack the #device and deploy a #monitoring implant.
— XUEZ Project (@XUEZcoin) August 30, 2019
It can #steal all the #data from #iOS #users including credentials, authentication tokens, and certificates.https://t.co/H59Ei8twO8
Hackers could have been stealing personal data from your #iPhone for years and you did not even have the slightest clue... until now. https://t.co/spJTZCiiQ5
— Tech2 (@tech2eets) August 30, 2019
Sophisticated iPhone hacking went unnoticed for over two years – Naked Security https://t.co/xdN8lL9QPM@JoannMoretti @JonesBaraza @JBarbosaPR @ApsisInc @robmay70 @gvalan @PontiLeo @missdkingsbury @techpearce @cybersecboardrm @Corix_JC @AshokNellikar
— Philippe Vynckier (@PVynckier) August 30, 2019
This looks important. How can something so incomprehensible to most of the world's population have such information and snooping power over them? https://t.co/8WPSi22LJZ
— Didi Kirsten Tatlow (@dktatlow) August 30, 2019
Implant Teardown https://t.co/PDEm68DkZf
— Project Zero Bugs (@ProjectZeroBugs) August 29, 2019
A series of #iPhone #iOS #exploit(s) found. Stolen: #photography, #contacts, #Gmail, #GPS, all #SMS #data, etc.#dataprotection #datasecurity #CyberSecurity #fintech #cybersec #InfoSec #privacy #dataprivacy #cybersec #BigData #Malware #Apps #Smartphoneshttps://t.co/ZWROtMrwzS pic.twitter.com/y05r7ExWvb
— H.P. (@DataDrivenHenry) August 30, 2019
The iOS implant that was found by Google P0 (https://t.co/J7OZapOY9y) was written in Objective-C. They used IDA Pro, but if they'd used my ObjCGraphView #BinaryNinja plugin, it probably would have been a lot easier!https://t.co/73O4atCMyH
— Josh Watson (@josh_watson) August 30, 2019
Just did an OOB rule push for Apple iPhone implant traffic to ETOPEN.
— ET Labs (@ET_Labs) August 30, 2019
Tks @i41nbeer and crew for the great writeup!https://t.co/gnglKHsJEzhttps://t.co/wwmQujqtah
Which websites were involved??? I feel like they should have released that info so that people could find out if they were impacted. https://t.co/KUEsqQT3C1
— Susan Fowler (@susanthesquark) August 30, 2019
The implant was used to steal location data and files like databases of WhatsApp, Telegram, iMessage. So all the user messages, or emails. Copies of contacts, photos, https://t.co/AmWRpbcIHw pic.twitter.com/vUNQDo9noJ
— Lukasz Olejnik (@lukOlejnik) August 30, 2019
Fuck. This is terrifying. Patch your IOS devices now. https://t.co/erqNBrv8CV
— shut down berks (@katebergt) August 30, 2019
New: this has been the worst year for iPhone security yet
— Joseph Cox (@josephfcox) August 30, 2019
- FaceTime bug that anyone could exploit
- Reintroducing critical vuln that allowed first public jailbreak in years
- Now research that malicious websites w/ 1000s of visitors dropping iOS 0dayhttps://t.co/7ECCVmkcQ7
This month at the Pwnie Awards in Vegas, an Apple employee got on stage to accept an award for the FaceTime bug. It was an embarrassing attack; anyone could exploit it to listen in to audio from someone else's phone/Mac
— Joseph Cox (@josephfcox) August 30, 2019
"We'll do better" the employee said https://t.co/7ECCVmkcQ7 pic.twitter.com/Vecu1PyXKj
Apple’s perception as the secure consumer device is starting to crack. https://t.co/CQGob73zIR
— VICE (@VICE) August 30, 2019
?@Google’s #ProjectZero is back, with some worrying criticisms of @Apple’s software-engineering chops.
— @Richi Jennings (@RiCHi) August 30, 2019
So who says #iOS is safer than @Android? In today’s #SBBlogwatch, we conceive new preconceptions: https://t.co/1PIQWodzDq 1/
“We’re used to iPhone infections being targeted attacks carried out by nation-state adversaries. The idea that someone was infecting all iPhones that visited certain sites is chilling.” -@thomasareed https://t.co/gk3o6MrN2Y @mcwm via @qz
— Malwarebytes (@Malwarebytes) August 30, 2019
update your iPhone https://t.co/6Zaua5hYSB
— Mike Murphy (@mcwm) August 30, 2019
Just did this... https://t.co/asIdlbWOZb
— Arlan ?? (@ArlanWasHere) August 30, 2019
Update your iPhone’s operating system as soon as possible https://t.co/Q4KTBEk3T5
— Quartz (@qz) August 30, 2019
Google researchers detail malicious website exploits that targeted iPhone users for years https://t.co/RyKbyoKpi8 by @ChanceHMiller pic.twitter.com/04zmMytJsb
— 9to5Google.com (@9to5Google) August 30, 2019
Google researchers detail malicious website exploits that targeted iPhone users for years - 9to5Mac https://t.co/a7vzEcKPE6
— ねこさん⚡?Ͷow or Ͷever?(ΦωΦ) (@catnap707) August 30, 2019
"Google’s Threat Analysis Group detected a set of five separate and complete iPhone exploit chains affecting iOS 10 through all versions of iOS 12."
Google unearths 2-year-long iPhone spyware attack https://t.co/rHL8xyLNvE
— Financial Times (@FT) August 30, 2019
"Privacy. That's iPhone." https://t.co/J1WOVoaT3V
— Tim Bradshaw (@tim) August 30, 2019
#Cybersecurity alert: Thousands of #iPhones #hacked. Mass undetected hacking of thousands of iPhones should be a wake-up call to everyone who has dismissed iOS hacking as an outlier phenomenon.
— d.moat Inc (@dmoat_Inc) August 30, 2019
Article: https://t.co/e2ZZHKNb3G@a_greenberg @lilyhnewman @WIRED #Hacking #news #iOS
Well, this was an absolutely nuts turn of events. https://t.co/kHTkzif0Nw If you’re a security researcher pulling any of the loose threads from Google’s initial reveal of this iOS zero day watering hole attack, please get in touch. DMs are open, more contact info in bio.
— Andy Greenberg (@a_greenberg) August 30, 2019
Infosec journalists: please please please stop making this mistake. “...didn't use HTTPS encryption, allowing anyone on the same network as a victim to read or intercept the data it stole in transit.“ https://t.co/WIArOp9VX0
— Chris Palmer (@fugueish) August 30, 2019
So...thousands of iPhones have been hacked that visited certain websites...but we’re not gonna tell you which websites. Strange strategy (to leave the MOST IMPORTANT INFORMATION out):
— Robert Patrick Lewis (@RobertPLewis) August 30, 2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking https://t.co/bO8HtoKjuc
can someone tell me the rationale of google disclosing all this info but not identifying the sites?
— rat king (@MikeIsaac) August 30, 2019
is it in fear of drawing people to them? https://t.co/1nMqswLLgH
Here are the details on the biggest iPhone hack ever. And the crazy thing: it was probably a nation state trying to spy on its citizens. https://t.co/cprfRQCd9I
— Nicholas Thompson (@nxthompson) August 30, 2019
Wild story. Google researchers discover hackers have been collecting user info thought to be encrypted from every iPhone visiting certain websites for two years. https://t.co/0hdZB5eqgi pic.twitter.com/k1YNrTWnm9
— Elliott Schwartz (@elliosch) August 30, 2019
Strategic iOS Attack —>
— Kenneth Geers (@KennethGeers) August 30, 2019
“rare and intricate chains of code exploited a total of 14 security flaws” https://t.co/b29oTYFoZs
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking https://t.co/GiWDTxkHJE
— Audrey Renée (@BentleyAudrey) August 30, 2019
구글에 의해 발견된 거대한 해킹을 피하기 위해 아이폰을 업데이트하세요 https://t.co/rJKS5VhX0o
— lunamoth (@lunamoth) August 31, 2019
구글에 의해 발견된 거대한 해킹을 피하기 위해 아이폰을 업데이트하세요 https://t.co/simBZz7nKV
— editoy (@editoy) August 31, 2019
• "해킹된 사이트를 방문하는 것만으로 익스플로잇 서버가 장치를 공격하기에 충분했으며 성공한 경우 감시 임플란트를 설치합니다."
❶ Google finds 'indiscriminate #iPhone attack lasting years'?https://t.co/WXfdIey4jP
— THiNKTaNK (@B2Spirit_TT) August 30, 2019
❷ Malicious websites exploiting previously undisclosed #Software #Bugs were used to secretly #Hack into #iPhones?https://t.co/4GtUII1mk6#CyberSecurity #iTHiNKLabs #Security #Startups #Risk pic.twitter.com/xf8hK2SdUC
#Cybersecurity. BBC News - Google finds 'indiscriminate iPhone attack lasting years' https://t.co/ToEckwHa4s @GlobalCRL @securityaffairs @Marco_Ramilli @ACybaze
— Giulio Terzi (@GiulioTerzi) August 30, 2019
This attack used 12 #vulnerabilities
— Husain Ali Al Lawati (@HusainAliDawood) August 30, 2019
The article does not describe the nature of those and how many of them were a zero day.
The attack itself was a #zeroday because the patches were released afterwards.
#iphone #malware #malwa…https://t.co/u126LqGbrL https://t.co/BMrKeeGBg6
#Google says it discovered major #iPhone security exploits https://t.co/77RrgYbr00 pic.twitter.com/opCspx2SRF
— RT (@RT_com) August 31, 2019
'Simply visiting the hacked site was enough for the exploit server to attack your device...' - Project Zero https://t.co/77RrgYbr00
— RT (@RT_com) August 30, 2019
Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years. https://t.co/PEKlKauhmu
— FurorRises (@FurorRises) August 31, 2019
Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years:https://t.co/xRStQL4OVx
— ⒶK #FreeAssange #BOT⌛?☠️?️(₿) (@An0nAKn0wledge) August 30, 2019
⚡Beware #iPhone Users!#Google uncovers how just visiting some sites remotely #HACKED thousands of iPhones 'indiscriminately' to install #spyware.
— Anonymous??️ ? (@YourAnonRiots) August 31, 2019
➤ https://t.co/QEgmbmuSCI
With 5 #iOS exploit chains, this campaign used a total of 14 vulnerabilities for at least 2 years.
https://t.co/NF1yniOLOU
— GOCYBEX an initiative of GCSRT (@gocybex) August 30, 2019
Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today.#hacking #ios #cybersecurity #informationsecurity #artificialintelligence #cyberdefense
iPhones pwned en masse! Researchers discovered 5 exploit chains served on compromised websites capable of remotely hacking most iOS 10 - 12 devices. Delivered an unsandboxed userspace implant running as root with a looping #persistence strategy! https://t.co/KRABpGNv2K pic.twitter.com/Ay7y5iPt4T
— Huntress Labs (@HuntressLabs) August 31, 2019
Looks like there is an IOC to look for... See all the NSLog strings mentioned here?https://t.co/84KxPlIDwA
— Thomas Reed (@thomasareed) August 30, 2019
Connect the phone to a Mac and view the phone’s logs in the Console app. If you see those strings popping up, the phone’s infected!
Hice un memehttps://t.co/7qaD7hVOA5 pic.twitter.com/W8z4LqDs9O
— Aldrin Martoq (@aldrinmartoq) August 30, 2019
This, plus a hardcoded HTTP IP address is amateur hour. Contrast that with multiple exploit chains and sandbox escapes and it sure sounds like a group with tons of money to buy exploits and little operational experience. So many thoughts right now...https://t.co/dpJMuvk96U pic.twitter.com/0UAHlxbMYc
— Jake Williams (@MalwareJake) August 30, 2019
Motherboard This Has Been the Worst Year for iPhone Security Yet: After several high profile attacks and embarrassing slip-ups, Apple’s perception as the secure consumer device is… https://t.co/3uEgwtkVtj #Apple #Hacking #cybersecurity #iPhone #jailbreak Via @motherboard pic.twitter.com/oIzoVk3qSn
— Bradley Jon Eaglefeather (@bjeaglefeather) August 31, 2019
.@Apple has worked hard to establish a reputation for protecting its customers, but Google found “five separate, unique iPhone exploits” in every almost version of iOS 10-12.
— Kape (@Kape_com) August 31, 2019
Systems have flaws - protecting your #privacy requires outside help. #GetKape https://t.co/GDexaYRHjw
For 2 years, someone has been hacking into thousands of iPhones, taking advantage of not just one, but 14 security flaws that gave them complete control of the phones they hacked. https://t.co/JuR7FwFMqY
— Alex Whitcomb (@AlexWhitcomb) August 30, 2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking-uh oh. https://t.co/UG9MkhnqIr
— Barbara Malmet (@B52Malmet) August 31, 2019
The largest known #iphone hack to date. This did not target specific users but large populations, potentially thousands of users a day. Giving the bad actors access user data like location, keychain passwords, and message information. https://t.co/ROrVceocBd
— Trey Stokes (@cyberstokes) August 30, 2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hackinghttps://t.co/btxvQwFgyS
— Lance Ulanoff (@LanceUlanoff) August 31, 2019
The iPhone hack?? https://t.co/SspPuchQNC
— Cynthia McKinney PhD (@cynthiamckinney) August 31, 2019
The #iPhone is not as hack-proof as once thought.#Apple #Google #news #cybersecurityhttps://t.co/JN60GTIXyF
— Bob Gragson (@BobGragson) August 31, 2019
Usually “$x changes everything you know about $y” can safely be dismissed as pure clickbait, but unfortunately this is not true in this case. Devastating. https://t.co/HF8U17AZql
— Karin Kosina (@kyrah) August 30, 2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking https://t.co/RvUdrYDC2M
— WEDA (@DaPeaple) August 31, 2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking https://t.co/7NTpOKEDra #Cybersecurity #Hackers #Cyberattacks #CSO #Cyber #Infosec
— Evan Kirstel (@evankirstel) August 30, 2019