Apple has let down every iPhone user

The discovery that malicious websites have been able to deliver malware to iPhones for years should be a wakeup call for users that Apple puts boasting about security ahead of actual security.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

If you're an iPhone user, Apple has let you down. Massively. The discovery last week that malicious websites have been able to hack iPhones indiscriminately and with apparent ease for years came as a bit of a shock. The idea that a product that Apple itself bills as being "designed from the ground up" to protect your information could have its security measures ripped to shreds by merely visiting a website, and that this happened for almost three years makes a mockery of Apple's claims of being able to protect users and their data.

A bigger embarrassment is that this attack on iPhone users was uncovered not by Apple, but by its arch-rival in the smartphone space, Google.

Must readThe 2019 iPhone 11 will be annoying, boring, and expensive

The scale of this exploit should also shock users. By simply visiting a website, the hackers could use exploits to deliver payloads that could "steal private data like iMessages, photos and GPS location in real-time" without the user having to install anything or be duped into running some app.

The hackers also had access to user keychains, which contains passwords, and the databases of various end-to-end encrypted messaging apps, such as Telegram and WhatsApp.

Right now, it's impossible to know the size and scale of this attack, and how much private information belonging to users is circulating. Were you a victim? Was I? What information is now in the wild?

I don't know. And that's pretty scary.

So, Apple has a big job on its hands to regain user trust.

With the iPhone launch scheduled for September 10, this would be a perfect time for Apple to come clean about this, explain to users what happened and why it failed to spot this attack for several years, and what it intends to do to prevent this from happening in the future.

But I'm not holding my breath. At best, I expect Tim Cook to make a frowny face, utter a few conciliatory words, and play down the scale of this attack, before going back to the regularly scheduled program that involves taking cheap shots at how slow Android adoption rates are and how Google can't be trusted with private data.

And then, I bet that Apple will try to bury this mess under the shiny glitz of a new iPhone.

For a company that wants people to trust it with some of their most sensitive information, from personal communications to financial information to health data, Apple's silence on this matter is deeply troubling. Yes, the vulnerabilities were fixed, but Apple made no effort to inform iPhone users of this issue, leaving everyone in the dark. This is particularly worrying since the attackers could still be using stolen authentication tokens to access victim's data.

Do you trust Apple to keep your most private and sensitive data safe? Let me know below!

YubiKey 5Ci: USB-C and Lightning Security Key

Related stories:

Editorial standards