Massive iOS Hack Raises Questions About Apple’s iPhone, iPad Security

Apple devices are reassuringly expensive. This is a widely held customer belief that Apple banks on, and the (fast approaching) iPhone 11 will put this to the test. But shocking privacy revelations recently challenged that idea, and now an even bigger scandal may leave the company’s 1.4 billion iPhone and iPad users feeling it is rotten to the core.

Owners of Apple's iPhones and iPads unknowingly spent years being left vulnerable to game-changing hacks


Following news Apple secretly paid contractors to listen to audio recordings from users’ iPhones and iPads, we now know virtually every iPhone and iPad on the planet has been open to attack for at least two years. Furthermore, the attack was cheap to do, tricked thousands of owners every week and Apple had no clue it was going on.

Google’s Project Zero security team broke the news (Forbes’ coverage), revealing that hackers quietly developed a system which enabled disparate iOS vulnerabilities to be daisy-chained together to gain complete control of your iPhone or iPad. All owners had to do to be exposed was visit certain websites and Google estimates that thousands of visitors per week did.

Today In: Innovation

Once in, hackers had full access to your photos, contacts, private messages and even encrypted data, such as passwords, held in iOS Keychain – Apple’s password security system.

In a wide-ranging series of interviews, Wired spoke to security experts who described the findings as “terrifying”, “chilling” and likely the work of state-sponsored hackers. Victims “would probably have had no indication that their devices were infected” and it “changes everything we know about iPhone hacking”.

Apple iOS 10, 11 and 12, have been secretly insecure for years. Between them, they support seven generations of iPhones and iPads and a total of 1.4 billion devices.


But perhaps the most remarkable thing is all this went undetected by Apple for years, despite the hackers making “some strangely amateurish mistakes”. This includes using tools which weren’t encrypted (“potentially allowing other hackers to intercept or alter the data the spyware stole in transit”) and hardcoding IP addresses into their malware which could locate the hackers’ own servers.

Which brings us back to the part about Apple devices being reassuringly expensive. In terms of privacy, rivals are no better and while this security breach may be on a scale and of a duration that is unprecedented in mobile (affected iPhones and iPads span seven years), again rivals are not perfect and Apple has issued a fix.

But it is also Apple which has promoted itself as ‘the only tech company you can trust’. So if you are paying Apple its reassuringly expensive price premiums for precisely this advantage, then you have a decision to make. And quickly.