iPhone Spyware Scandal: “The Worst General Security Failure yet Affecting Apple Devices”
Early last week, a spyware scandal erupted in the United States surrounding the secure nature of iPhones and website searching. For a company that assures its users against general attacks and promotes privacy assurance, Apple has not officially responded to requests for an official statement or commented on its responsibility for the detection of vulnerabilities.
The affected devices included IOS version 10 to 12, with the level of this technology faux pas raising serious industry concerns in regard to general attacks, security risks and privacy assurance for both individuals and organisations. According to Matt Lourens, security manager at Check Point Software Technologies, it is “an alarming game-changer.”
“[It's] an alarming game-changer.” - Matt Lourens
In an attempt at cyber espionage, sensitive data has been captured from apple users, the spyware targeting databases including WhatsApp, iMessage and Telegram text messages, Gmail, photos, contacts and real-time location.
The hacked websites were discovered by Google’s Threat Analysis Group and researchers indicate that the hacking incident has been an ongoing security failure for two years, with thousands of visitors to the websites per week. While researchers have not reported the culprit of the cyber espionage, experts have commented that it has the markings of nation-state effort.
Cyberspies have been targeting mobile users by simply visiting a malware-infected website, transmitting a monitoring implant to the iPhone and infecting the device with sophisticated spyware.
The implant has the capacity to inform the cyberspies of the owner’s email, photos, text messages and real-time location data. A former US government hacker noted that this is “...definitely the most serious iPhone hacking incident that's ever been brought to public attention, both because of the indiscriminate targeting and the amount of data compromised by the implant…”
As a result of the scandal, it has been suggested that smartphone users must be conscious, alert and vigilant to the effects of mass exploitation and employ security measures in response to this awareness. According to Ian Beer, from Google’s elite team of researchers, mobile devices must be treated as “both integral to their modern lives, yet also as devices which, when compromised, can upload their every action into a database to potentially be used against them."
While the iPhone is typically regarded as the most secure customer device on the market, these reports have become disconcerting for Apple customers. Despite the remaining of the vulnerabilities being amended by Apple in late February of this year, thousands of users have been exposed to the vicious malware-laden websites.
“This should be a wake-up call to folks,” commented Will Strafach, a mobile security expert with Sudo Security. “ Anyone on any platform could be potentially get infected with malware.” If privacy assurance is so central to the Apple brand, it is critical that in the future the company focuses on amending its security measures to provide structural security that protects users everywhere.