Once we kept all our secrets in diaries and notebooks made of real paper and leather
Cat and mouse
Security Specialists withsoftware developers are constantly forced to play an endless game with hackers, like cat and mouse, looking for weaknesses, creating patches, improving the program code so that it is impossible to crack. In turn, the attackers are also looking for weaknesses, vulnerabilities, but not to fix it, but to use them to steal data. Even very large software corporations cannot foresee all the points, the more complicated the software, the greater the chance of missing something. Interestingly, there are such vulnerabilities, in particular in iOS, that were identified only by hackers, and no one else. One of these was not discovered by Apple specialists for several years, until the Project Zero service from Google found this vulnerability.
This project is named after the Grainvulnerabilities (Zero day) that is, vulnerabilities just discovered, unknown, zero day. The zero day itself is the time when the developer finally finds out about the existing problem. From this moment, time has gone, the reputation of the company depends on how quickly they manage to close the security hole, at which time the vulnerability becomes public. The Project Zero team works in different directions, not only with its software, which is why they found the problem in iOS.
In fact, the sites themselves and their owners, likeusually not aware that they have become dangerous. Hackers, using server vulnerabilities, inject malicious code into them that determines the visitor, that is, their device, and substitutes the necessary code for execution. When the owner of an iPhone or other Apple product lands on such a site (they are quite decent, even useful, it can sometimes be government organizations), then the code carries out an attack on the device. Upon a successful attack on the smartphone, malicious software was installed. The Trojan immediately begins to collect data and send it to the management server.
These messages contain all contacts, maybe images, geolocation data, data of installed applications, including banking applications, social networks, instant messengers. Typically, the interval for sending data is once per minute. Code was injected into sites that used a comprehensive approach to attacking devices, using more than a dozen vulnerabilities. Someone they are closed after the update, someone does not. Most of the vulnerabilities were used in Safari. The experts did not give the addresses of sites that were involved in hacking the iPhone, but the owners of the sites, hosters, and relevant services were notified. Thousands of people visited these sites daily.
Moreover, the vulnerabilities found have been exploited for more than one year, and the most effective method of dealing with such threats is the timely update of the operating system and applications.