Google’s Project Zero aims to find security flaws in all software. The team just released a slew of damaging information about iPhone vulnerabilities.
Security and privacy are important features to users. Although people are more than willing to disclose personal information on social media, they tend to fear privacy violations at a more institutional level. NSA spying and foreign cyber attacks, amongst other concerns, have consumers preferring privacy.
Google’s Project Zero has been finding vulnerabilities in software, and for the most part, has been responsible about releasing this information. Thursday, the Mountain View company released a slew of damning information about iPhone vulnerabilities, just weeks before the new iPhone models are slated to launch. Many of these flaws are already known and have been fixed by Apple.
Project Zero alleges that a few malicious websites have been able to install monitoring code on iOS from iOS 10 through iOS 12. Apple has, in their analysis, let these flaws pass through to releases without adequate quality assurance.
The report does admit that Apple fixed security flaws presented on February 1, 2019 within a week. It goes on, in great detail, chronicling five different iOS exploit chains. The report claims that millions of people were being monitored due to these security flaws. Beyond surveillance, no other harms were detected.
This report comes at an inopportune time for Apple. With a new set of iPhone models ready to launch in a few weeks, this information undermines Apple’s privacy claims. In fact, the report alleges that Apple users had their privacy violated in a significant way:
“Real users make risk decisions based on the public perception of the security of these devices. The reality remains that
security protections will never eliminate the risk of attack if you’re being targeted.
To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Although Google’s Project Zero aims to be impartial, the timing of this release is questionable. It remains to be seen whether such information will sway smartphone purchasing decisions. At the end of the day, iPhone customers may just stick with the devil they know.