On Thursday, Google's (GOOG, GOOGL) Project Zero posted a notice: “Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.”
Wired reports the issue was identified on February 1, 2019 and supposedly fixed by Apple (APPL) on February 7, 2019 with the iOS 12.1.14 patch.
This is interesting for a couple reasons:
1) there is a popular belief that Apple products are not vulnerable to viruses or hackers, and
2) most people believe that it is expensive to hack an iPhone — even the FBI needed to hire outside consultants — so victims must be high-value and carefully selected.
As it turns out, neither of these popular assumptions are correct.
Let’s be clear: Anything that can be hacked will be hacked. This is not a thesis; it is not a theory. It is axiomatic. iPhones, Apple products, voting machines, your smart toaster oven… no matter what it is, if it can be hacked, it will be hacked.
What can you do about it? Sadly, for most of us, after taking industry-standard precautions (long passwords, VPNs, etc.), we can only close the barn door after the horse has bolted. Most consumer-grade cybersecurity tools are about as secure as having a plate glass windowed storefront in a high crime area. Most people will just walk by, but someone with intent will simply break the glass and take what they want.
Security peeps, weigh in here. Everyone is going to ask what more can be done: cyber-insurance, living off the grid, end-to-end encryption? What else you got?
