Google’s security researchers have found evidence of a two-year long attack on iPhones.
A significant hacking campaign potentially affecting hundreds of thousands of iPhones was said to be carried out using websites which would discreetly implant malicious software. This software trawled iPhones for contacts, images and data.
Security researchers at Google revealed the attacks in a series of blog posts late on Thursday.
“There was no target discrimination,” said British cybersecurity expert Ian Beer, a member of Project Zero, Google’s taskforce for finding new security vulnerabilities. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”
The attack meant that hackers could have access to images and GPS locations. The implant would then relay information back to an external server every minute.
The implant could also track data on the app that an iPhone user was currently on, such as Instagram or WhatsApp. The examples listed by Google’s blog included Gmail and Hangouts.
Google’s analysis suggested the infected websites could have been visited thousands of times per week.
This comes as unwelcome news for Apple. The tech giant has just announced that its next product launch event will take place in Silicon Valley on September 10.
Google’s security warning followed Apple’s recent apology for failing to disclose that freelance contractors were listening to customers’ voice recordings when they used Siri. The company also admitted a few weeks ago that iPhone sales had dropped for the same period last year.
Apple is thought to have other long-term focuses away from the iPhone. Patents filed indicate that the company is interested in pursuing an AR headset in the future.