Invasive spyware from Israeli cybersecurity firm NSO Group lets attackers exploit Apple’s iMessage service with zero-click malware, taking over iPhones without any interaction from the victim.
Apple has warned its customers about the security issue and issued an emergency software update to fix the critical vulnerability in its products: iPhone, iPad, Apple Watch and Mac computers.
Security researchers at Citizen Lab, a cybersecurity watchdog at the University of Toronto, uncovered the flaw. They say Apple’s efforts to resolve the issue have not been working, and that there are other steps the company could take to protect its most at-risk users.
“It’s frustrating to think that there is still this un-deletable app on iOS that can accept data and messages from anyone,” Patrick Wardle, a macOS and iOS security researcher, told Wired. “If somebody has a zero-click iMessage exploit, they can just send it from anywhere in the world at any time and hit you.”
Spyware is defined as unwanted software that infiltrates a computer or device, often without a person’s knowledge, stealing internet usage data and sensitive information or damaging the device.
The zero-click spyware, called Pegasus, is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off. In the past, victims would receive a suspicious link via text or email tipping them off that they’d been hacked. NSO’s zero-click spyware eliminates the tip-off.
Pegasus also allows the attacker to take over a smartphone in real time without any interaction with the target, turning targets’ phones into remotely operated spying devices.
Such spyware security attacks have previously been orchestrated against high-profile targets around the world.
A New York Times story claimed that NSO helped Saudi Arabia spy on Washington Post journalist Jamal Khashoggi before he was murdered in the Saudi Arabian consulate in Istanbul, Turkey, in October 2018. NSO was also previously accused of targeting Omar Abdulaziz, a close associate of Khashoggi.
Apple’s head of security engineering and architecture, Ivan Krstić, thanked Citizen Lab on Monday for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, macOS 11.6 and watchOS 7.6.2, NYT reported.