Here's how hackers used malicious websites to infect iOS, Android and Windows devices
There were 11 such ‘zero-day’ exploits that were in use by the hackers - these are security flaws in software that remain unfixed because only the hacker who found them is aware of their existence.
Ensuring hardware security of devices is a cat-and-mouse game for most companies, with several new flaws being discovered on a daily basis - these are then patched by the companies and pushed to users in the form of a system update. However, sometimes flaws are not found for extended periods of time and are misused by hackers to get hold of users' data.
A report from Ars Technica suggests that hackers have been using specially crafted websites to exploit devices running iOS, Android and Microsoft’s Windows. There were 11 such ‘zero-day’ exploits that were in use by the hackers - these are security flaws in software that remain unfixed because only the hacker who found them is aware of their existence. They remained undiscovered for at least eight months.
The attacks were discovered by Google researchers who work at the company’s Project Zero security department. The hackers used a ‘watering-hole’ attack, which basically means they take control of websites that their targets visit and then use those sites to install malware onto users' computers or phones. According to the report, the attackers were able to take advantage of the zero-days to gain access to devices, even after they were completely up to date.
In fact, the hackers were so skilled that they were able to gain access to Apple devices running iOS 11 to iOS 13, along with a full exploit for Google Chrome running on an up-to-date Windows 10. Similarly, Google found that the attacks also worked on Chrome and Samsung browsers on Android devices running Android 10. Google’s researchers also found that the attackers had managed to find a new exploit for their attacks soon after Google had fixed a security flaw that they were previously using.
This particular case throws light on how your devices can still have security flaws despite being completely up-to-date and patched. The ability of the hackers to get past multiple security protocols put in place just to gain access to the operating system, however, also highlights the need to always ensure all devices are updated - in case your device’s manufacturer has included a fix for a similar security flaw as part of the update.