x
This website uses third party cookies exclusively to collect analytics data. If you continue browsing or close this notice, you will accept their use. The EU now requires all sites to display this banner which confuses users and does nothing, actually, to improve your privacy.
Read more on why this law is ignorantLearn about this website's cookiesDisallow cookies
Carlos Fenollosa

Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Terrifying iPhone implant spreads just by visiting a website

August 30, 2019 — Carlos Fenollosa

A very deep dive into iOS Exploit chains found in the wild (via) is a terrifying read of an iPhone implant that installs itself just by visiting a website and exploits five different 0-day vulnerabilities.

The implant phones back home with root access to all activity on your phone: chats, mails, location, pictures, and more.

I think it is fair to criticize Apple because they allowed an unsigned process running as root, using the network and a lot of battery activity, without any kind of monitoring to detect it. That process should not have been running without being discovered.

Given that an iPhone is not a computer, and not even an advanced user could detect and/or clean the implant, Apple's responsibility should be to start being more serious about the possibility of iPhone viruses.

Vice has a non-geek writeup which, at first, seemed like a bit sensationalist, but given the severity of the breach is probably somewhat warranted.

An awesome feat of engineering, though. Kudos to both the criminals and the researchers who detected it.

Tags: security, mobile, Apple

Comments? Tweet