Hackers planted spyware on iPhone users’ devices over a two-year period by exploiting a vulnerability in the technology’s operating systems, Google said Friday.
The bad actors targeted a group of infected websites that, when visited by iPhone users, attacked the devices and in some cases installed malware, according to Ian Beer of Project Zero, a team of Google security analysts that investigates cybercrime.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week,” Beer wrote in a blog post.
Using the implant, hackers could access Apple customers’ data, including their passwords and personal contacts, as well as messages sent through iMessage, WhatsApp, Gmail and Google Hangouts, according to Project Zero researchers.
Almost every version of Apple’s iPhone operating system — from iOS 10 through to the latest version of iOS 12 — was vulnerable, he said. Still, it’s unclear how many users might have been affected.
Learn m ore About: Hackers breached iPhones for years, Google says