Skip to main content

Google says hackers have been able to access your iPhone data for years

Image used with permission by copyright holder

iPhones from iOS 10 to recent versions of iOS 12 were open to having messages, images, and location data stolen by hackers through a web-based exploit, according to Google’s external security & research blog, Google Project Zero.

As part of a 30-month-long operation, researchers were able to take advantage of an exploit in Apple’s default web browser, Safari, to load malware onto devices. Simply landing on an infected webpage was all that was needed to infect an iOS device, and once deployed, the malware allowed hackers to access sensitive data from across the device. According to the extensive blog post, the earliest version of iOS infected by this exploit was iOS 10.0.1, meaning the security hole was likely in existence from at least September 2016.

Recommended Videos

Once the malware was loaded, the hacker had access to a wide variety of data from the infected device. The final post of the blog contains minute details of the data that could be siphoned from various apps. This included messages from WhatsApp, Telegram, and other otherwise secure messaging apps, accurate location data, and contact details. The malware could even take copies of images and emails received on the device, all without the user’s knowledge.

Please enable Javascript to view this content

The malware would send an update every 60 seconds, ensuring the hacker always had an up-to-date version of all the stolen data. On the plus side, the hack could be cleared out by restarting a device, as the malware would not be stored in the local memory. As another side effect, this constant updating would also be likely to take a severe toll on the device’s battery life.

Thankfully for iOS users, Google reported this exploit to Apple on February 1 and it was apparently fixed via a security patch on February 7. However, that probably only accounts for devices on the latest version of iOS, iOS 12. While unverified, users of iPhones running older versions of iOS should be aware that this exploit potentially still exists. According to Apple, that only accounts for 12% of all active iOS devices, but it’s still a hefty chunk of users.

If you’re not sure what version of iOS you’re running, head to Settings > General > About, and see which version of iOS is listed under Software Version.

While always good advice, be careful of the websites you visit and avoid any clicking on any suspicious links. If you suspect you have been infected, restart your device to hopefully clear the malware. However, just because the malware has been cleared doesn’t mean you’re out of the woods yet. According to Google’s Ian Beer, “given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device”.

With that in mind, the only real solution to the exploit may well be upgrading to a new iPhone. The latest versions of iOS 12 (soon to be iOS 13) have been immunized against the exploit, so you’ll be able to surf in peace.

We have reached out to Apple for comment and will update when we hear back.

Mark Jansen
Mobile Evergreen Editor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
Some iPhone users report overheating when using Apple Intelligence
The Nomad Magnetic Leather Back on the iPhone 16 Pro Max

After a long wait, iOS 18.2 has finally rolled out to the public at large and unlocked more Apple Intelligence features like Image Playground, Genmoji, and an upgraded Mail app. It might have also introduced a way to keep your hands warm on these frosty winter days, according to some users.

Reddit user u/dsdxp posted on the iPhone subreddit that they had unlocked a secret feature in the iPhone 16 Pro. The comment was obviously sardonic, but many other users responded with their own stories of troubling temperatures from their iPhones. The common element between all of the stories was the Image Playground app and the excessive heat it creates while in use.

Read more
Apple is about to stop selling multiple iPhones in Europe. Here’s why
The iPhone 14 Plus held in a man's hand.

The iPhone SE and iPhone 14 series will no longer be available for purchase in Europe at the end of the year. In an effort to make technology more consumer-friendly, the European Union ruled that any mobile device sold must be able to charge through USB-C, according to iGeneration. While more modern entries in Apple's lineup already meet those guidelines, the iPhone SE and iPhone 14 do not.

These aren't the newest additions to Apple's lineup, but the iPhone SE and the iPhone 14 series are still sold in Europe. These will be pulled from shelves as the deadline approaches. Customers have plenty of options, but this decision will leave the European market without an iPhone SE option until the next model releases in 2025.

Read more
Apple’s mysterious iPhone 17 Air is one step closer to becoming a reality
A render of the iPhone Air.

For months, rumors have indicated that Apple plans to remove the iPhone Plus from the 2025 iPhone 17 lineup, and replace it with an entirely new model that might be called the “iPhone 17 Air.” A new report suggests that this phone is now closer to becoming a reality.

According to Digitimes, the new phone has entered the initial stage of manufacturing, known as the new product introduction (NPI) phase. At this stage, Apple and its manufacturing partners finalize a blueprint for creating the phone. It's a significant step in the process.

Read more