According to researchers at Google hackers have been using websites to install “monitoring implants” in iPhones for many years.
The malicious software accesses the users iPhone through thousands of compromised websites that gathers images, contacts and other information on the user’s iPhone.
Ian Beer, from Google’s Project Zero said, “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, to install a monitoring implant.”
The operating systems which were targeted in the hack range from iOS 10 to iOS 12, this enables the user’s Gmail, WhatsApp and Instagram apps and GPS location data to be hacked.
Beer said, “This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Beer warned although the implant is not saved on Apple’s devices it can again provide access to to hackers when the user “visits a compromised site.”
He added, “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”