Friday December 13, 2019

iPhone Bug Also Gave Access to WhatsApp, Telegram Chats, Google Researchers Find

“We estimate that these sites receive thousands of visitors per week,” said the Google blog post


Google researchers have identified a vulnerability that gave attackers access to all the database files on the victim’s iPhone used by end-to-end encrypted apps like WhatsApp, Telegram and iMessage.

In one of the biggest attacks against iPhone users, researchers working in Google’s Project Zero team earlier discovered several hacked websites that used security flaws in iPhones to attack users who visited these websites.

The malicious websites may have compromised personal files, messages, and real-time location data of iPhone users. After the researchers reported their findings to Apple, the Cupertino-based tech giant patched the vulnerabilities.

Later, they revealed that the users’ chats in WhatsApp and Telegram were also compromised.

“In the earlier posts, we examined how the attackers gained ‘unsandboxed’ code execution as root on iPhones.”

“The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like WhatsApp, Telegram and iMessage,” said Ian Beer from Google’s Project Zero.

The implant was primarily focused on stealing files and uploading live location data.


“The implant can upload private files used by all apps on the device,” said the researchers.

The researchers were able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.

“This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” said Beer.

The websites delivered their malware indiscriminately and were operational for years, said Google.


“Earlier this year, Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day,” said Beer.

There was no target discrimination: simply visiting the hacked site was enough for the exploit server to attack the iPhone and, if the attack was successful, install a monitoring implant.

“We estimate that these sites receive thousands of visitors per week,” said the Google blog post. (IANS)


WhatsApp to Take Legal Action Against Businesses Engaged in Abusing Bulk Messaging

"We will continue to provide capabilities to help businesses communicate with their customers," said WhatsApp


WhatsApp will take legal action against businesses engaged in or assisting others in abusing automated or bulk messaging on its platform.

The company has built two tools — the WhatsApp Business app and the WhatsApp Business API — to help companies manage customer interactions.

The company said that its products are not intended for bulk or automated messaging, both of which have always been a violation of its terms of service.

“WhatsApp will take legal action against those we determine are engaged in or assisting others in abuse that violates our terms of service, such as automated or bulk messaging, or non-personal use, even if that determination is based on information solely available to us off our platform,” the Facebook-owned platform said in a statement.

For example, off-platform information includes public claims from companies about their ability to use WhatsApp in ways that violate its terms.


“This serves as notice that we will take legal action against companies for which we only have off-platform evidence of abuse if that abuse continues beyond December 7, 2019, or if those companies are linked to on-platform evidence of abuse before that date,” said WhatsApp.

On average, the platform bans over two million accounts per month for bulk or automated behaviour, and over 75 per cent of those accounts did not have any recent user reports.

An account that registered five minutes before attempting to send 100 messages in 15 seconds is almost certain to be engaged in abuse, as is an account that attempts to quickly create dozens of groups or add thousands of users to a series of existing groups.


“Using the on-platform information available within WhatsApp, we’ve found and stopped millions of abusive accounts from operating on our service,” it said.

In addition to technological enforcement, said WhatsApp, it also takes legal action against individuals or companies that it links to on-platform evidence of such abuse.

“We will continue to provide capabilities to help businesses communicate with their customers,” said WhatsApp. (IANS)