Skip to main content

Why the latest iPhone hack should worry you no matter what phone you use

Google's Project Zero team dropped a bombshell of a blog post that says malicious websites have hacked iPhones for years whenever someone using one simply visited them. The specifics are interesting if you're into information security, but the gist is that hackers were able to exploit the various levels of iOS security to gain access to private data including photos, passwords, and databases for encrypted messaging apps like WhatsApp and iMessage. And again, all a user had to do was visit a website.

We only hear about an exploit when it's been caught.

Apple promptly patched the vulnerabilities used for these exploits once Google informed it of the findings in February, but still. This went on for over two years and nobody knew except the people involved in stealing the personal data of "thousands of visitors per week." Yikes.

I know most everyone reading this uses an Android phone and probably isn't affected by this in any way. At least, you hope you weren't affected. The scary truth is that there are probably other "hacks" in the wild that work in a very similar way and that your phone is vulnerable.

Hackers (the bad kind of hacker) aren't worried about what type of phone you use. There is a case to be made that iPhone users tend to have more disposable income and are a "better" target when it comes to stealing money, but it's more important to hit as many people as possible if you're trying to steal data. In the U.S. about half of all people with a smartphone use an iPhone, about half use an Android. Doctors, lawyers, and celebrities use Android phones, too. Their passwords, messaging databases, and photos are just as interesting to a hacker.

Android phones are filled with juicy data just like iPhones are.

There aren't a lot of people finding and writing these sorts of attacks, thankfully. There are also not a lot of people trying to find and fix them, either, though. And unfortunately, there isn't much we can do about it.

If you know how to use a proxy service and browse onion links (and no, I'm not going to help you there) you can find places online that sell packages that let you attack smartphones. The easier it is to infect or affect a phone, the higher the price and something that's as automatic as this recent iOS hack that affected even the most recent version are very expensive. But people still buy them, because spending upwards of $3 million dollars for them is a sound investment if you can get enough phones infected. If you can steal a dollar from 3.1 million users, you just turned a tidy profit.

All this should concern you. It doesn't matter if you're the type of person who uses a strong password everywhere and religiously encrypt and lock all your devices or if you're the type who doesn't even have a lock screen in use and all your passwords are "password." You're on the internet right now and there is no guarantee that you won't stumble across a page that has malware of this type embedded. You should use safe practices like only following links you trust from people you trust, but malware is like love and it will find a way.

You don't have to obsess about online security but you should care at least a little.

I'm not going to suggest we go back to a glorious age where no business was done online and risque photos all came from Polaroid Instant Cameras. And you don't need to wear a tinfoil hat and think someone is out to get you every time you pick up your phone. You should, however, care about security just a little bit. Use a company's track record on security whenever you purchase anything that can connect to the internet and keep following the rules like only visiting links you trust, use two-factor authentication when you can, and never using unsecured Wi-Fi.

Remember, this isn't the only exploit of this type out there in the wilds; it was only the one that was caught.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • If BB10 was still around, I wonder if it, too, would be vulnerable to the same attacks and infections. Also wondering how much more are people regretting trading in security for apps now since most of the world are on either of the two OS platforms. If this was back in the day, I think CrackBerry forums would be on fire with derisory comments about apples and deserts being rotten while BB forged on. Just a little rhetoric and nostalgia, I suppose.
  • BB10 was my absolute favorite mobile OS. So ahead of it's time. If only the damn developers made and supported apps. There is nothing like the swiping features and HUB integration Blackberry developed and released in 2013. I am satisfied with my Black Edition Blackberry KeyOne but if my Cobalt Blue Classic had an updated kick ass browser I would probably still be using it and my Z30 to this day.
  • I tried to stick with BB as long as I could, too. Still have my 9850, Z10 and Z30 laying around (not to mention PlayBook) for kicks and giggles. IMO, BB10 was way ahead of it's time and flawless (maybe I was just blessed to never have any issues, or maybe it's just been so long that I forgot 😂) It was so good that Apple has been ripping it's features off for years and still hasn't caught up yet. We're talking 8-9 years of constant iOS "evolution" of ripping RIM off. What a joke! It was difficult switching to GS8+ from the PRIV. Probably because I couldn't believe it was the end of the road for BB for me (stupid nostalgia again), but you're right - lack of major developer support made that decision a necessary step. I wish I'd try the KeyOne, but I think the transition would've happened regardless.
  • Seriously? Like you really aren't joking? I found the BB10 gestures to be very unintuitive. And the Hub? OMG was that a mess. I'm amazed that anyone liked it.
  • Sorry Jim. I think you're an overwhelming minority who didn't like the OS. The actual Hub on BB10 (not the watered down Android version) was the absolute best, IMO. To me, opening every single communication app separately to check text, emails, or social media messages is an absolute mess. It's a step backwards. The Hub unified everything and kept everything in one place, and accessible with one swipe to the right. Can't get any more efficient than that. But again, just my opinion. I still have an email widget to the right of the main screen. Some of it is convenience. Some of it is nostalgia. 😂 Too bad the email app doesn't show messages from other apps. I can't stand using the Android version of the Hub. It looks and feels outdated.
  • I didn't like BB either, so I guess with Jim that makes two of us!
  • Be honest... Due to lack of apps, or because it was such a different approach compared to BBOS (7.1 and below) and you just couldn't get used to it?
  • Thank you and thank you for what you guys said about the BB10 OS. Criminally underrated indeed. I miss a lot of the features you guys mentioned...I hope that, perhaps, and that's just me, Android 10 (how ironic...the name) and it's new gestures based UI will resemble BB10...even a little bit.
  • I'd hazard a guess that it also would have vulnerabilities. The main reason it seemed so secure is because so relatively few people actually used it, it wasn't a good target for hackers to spend time trying to find the holes. Here's something my dad always used to say, locks are for honest people. ;)
  • Of course it had weaknesses. There is no such thing as a foolproof or completely secure OS. That includes BB10 for sure. But I think that their security conscious approach when building the OS from the ground up and integrating the various security features it boasted directly in it was a plus. Better to have security baked into an operating system than it being added later on . So maybe the best one could say about BB10 is that it was at least more secure than most. Mind you we are talking about when it launched in 2013, not currently.
  • Thanks for this article Jerry.
  • The general consumer is unfortunately blind to issues revolving around security and privacy. So many just give it away.. Nothing is free. They all want your data to sell you something or target the user. Apple has been trying to take the mantle from Blackberry since it's demise. Unfortunately issues like contracted, non Apple persons listening in on Siri and the likes has not been well received. Perhaps it's time to reconsider just how much trust users have given these tech and mobile companies??
  • Yes. Yes. And Yes.
    Years ago I used to track 'Black Sites' that had a specific IP address for a short time and then moved - they were constantly moving. Yes - they sold exploits and were for hire. They were international. I basically called that the 'Dark Side' - the exploits were - let's say unique and imaginative.
    Yep used to bounce my browsing off of many multiple servers around the world...
    As a past hobbyist Developer I've seen some poor devs that wanted a bunch of money for poor work (good at promises etc but never delivered); and some that were spooky good - even at 16 years old. The spooky good ones are the ones I'm afraid of.
    Flash forward 15+ years and we have people running finances on their personal phone - that's why I am a big fan of frequent OS and security updates.
  • I stopped feeling that you had a valid viewpoint when I saw “ There is a case to be made that iPhone users tend to have more disposable income and are a "better" target when it comes to stealing money,” lmao. Is this a joke? Was this idea from the original iPhone came out and way before financing? I know people that have basically nothing, that have brand new iPhones. And yes, the majority take our personal security online for granted, and don’t pay attention to it. The funny thing is that the people that NEED to think about it, don’t know sites like this exist, or if they do, don’t ever read anything from them.
  • I agree with your first comment. The Note 10+ costs just as much as an iPhone XS Max. It's ridiculous and absurd to think that only iPhone users have money at this point when all new high-end phones are freaking expensive.
  • Just about anyone can buy an iPhone. I bought an XS a few weeks ago: $64 out the door, and the other thousand dollars tacked on our bill in monthly payments. Meanwhile, I had to buy my HTC outright for $800+. No regrets though; the HTC is still better, and I gave the XS to one of the kids.
  • Do some research and get over yourself. Fact is iPhone/Apple users are generally more affluent than Android users. Again it is a fact.
  • At the end of the day, data is data, regardless of the brand of handsets we use, it looks just as appealing to those who would steel it. Information is power and all that that entails.
  • A VPN would prevent these website steals, no?
  • I would say no, but I'll let Jerry chime in. A VPN makes websites think you are in a different location, but they don't prevent malware from installing on your device. The malware does not care if your location is real or not.
  • And because apparently it didn’t just involved iPhones anyway :(
  • It certainly did not just involve iPhones but haters going to hate.
  • But yeah, iPhones are clearly the most dangerous phones on Earth now. Get a nice safe Samsung phone.
  • "Life...uh...finds a way." --Dr. Ian Malcolm
  • Jerry Jerry Jerry. Windows and Android are both effected by this. Apple has patched it and did so back in Feb. Has MS or Google patched anything yet. Oh and why did Google release this outdated info now. Just in time for iPhone announcements is my guess. I guess Google already knows the Pixel 4 will be a huge disappointment.