Five sets of security holes to spy on all the content of an iPhone if it has connected to malicious sites. This revelation by Google researchers three days ago had the effect of a bomb. Now, “multiple sources” collected by Forbes suggest that this was part of a campaign also targeting Android and Windows devices.
For at least two years, several malicious sites infected the iPhone that connected to it with spyware with root access, which thus returned the phone information – WhatsApp encrypted messages and iMessage, or geolocation in real-time – to attackers servers. Forbes’ anonymous sources indicate that these sites also attack Android and Windows devices.
According to one source, later approached by TechCrunch, the FBI would then have ordered Google to remove these sites indexing its search engine.
Anonymous sources but credible hypotheses
For now, we do not know the nature of the exploited vulnerabilities. And it is also unclear whether these vulnerabilities are in use to install the same spyware. Therefore, there is no guarantee for the existence of a security patch for Android and Windows. The iOS had been corrected by the February 12.1.4 update, which we remind to install if it is not already done.
The initial post of Google’s Project Zero team only mentioned exploits under iOS. The Mountain View firm was careful not to specify the identity of the hackers. But the scale of the attacks signaled the involvement of a state actor. It would also be logical for a mass spy program to target Android or Windows in addition to iOS. Which is an operating system with only a small market share in emerging countries.