The Israeli NSO's Pegasus spyware hackers didn't need a single click from users to get in and infect their Apple devices. The discovery came thanks to studies by the company's security team, who worked day and night to fix the problem. After the latest software updates, it appears to have succeeded.
It all started after a report that members of the University of Toronto's cybersecurity watchdog, Citizen Lab, had detected on the tampered iPhone of a Saudi activist. An image had arrived on the phone that could not be visible to the user and that managed to exploit the vulnerability of Apple's system in processing images. Thus, all the activities of the person in question could be controlled.
What frightened the researchers was the way in which the hackers managed to enter the man's phone. The peculiarity, in fact, lies in the impossibility of the hacker to realize in any way that someone has perforated his privacy. The method is called "zero click remote exploit", more easily "zero click" or "Forcedentry", as Citizen Lab has defined it, and allows access to the camera, the microphone, to record or write messages and emails. Even piercing the encrypted message system. “This spyware can do everything an iPhone user can do on their device,” summarized a Citizen Lab member.
This suggests why criminals - and even some governments - are a huge step forward in cyber warfare. Since March, it has been analyzed that more than 1.65 million Apple devices have been in danger of being affected due to their vulnerability. Precisely because of this risk, Ivan Krstić, head of security for Tim Cook's company, was quick to thank all those of the Citizen Lab who worked on the study and urged the owners of any iPhone, iPad, Mac or Apple Watch to install the various iOS 14.8, MacOS 11.6 and WatchOS 7.6.2. Furthermore, by the end of 2021 the iOS 15 update should include new measures that will prevent situations of this type. Also because, as the Citizen Lab researcher himself explained, messaging apps represent “the soft underbelly of device security. They're ubiquitous, which makes them really attractive, so they're an increasingly common target. They must be a top safety priority. Narrowing the attack surface of chat apps will go a long way in making all of our devices more secure, ”he continued.
Since 2016, activists from the United Arab Emirates in favor of voting expansion, dissidents, Mexican nutritionists pushing for soda taxation, lawyers involved in the investigation into the disappearance of 43 students in Mexico, one American victim of sexual abuse by the Mexican police, even children. Journalists are inevitably included in this list. In December last year, Citizen Lab found that NSO spyware had been used to target the devices of 36 Al Jazeera reporters. For its part, the NSO has denied any kind of involvement in the matter and "will continue to provide intelligence and law enforcement services around the world with life-saving technologies to combat terrorism and crime."
The story is the next chapter of that of last July, when the collaboration between Amnesty International and Forbidden Stories raised the problem regarding “The Pegasus Project”, which came into possession of 50,000 private telephone numbers. These did not belong only to ordinary people, but also to heads of state. Fourteen, to be precise, including the French Emmanuel Macron, the South African Cyril Ramaphosa, the Pakistani Prime Minister Imran Khan, his Egyptian counterpart Mostafa Madbouly and that of Saad-Eddine El Othmani, no longer Prime Minister of Morocco for just a few days . They are joined by the President of the European Council Charles Michel. Concrete evidence to support that this list was official, however, has not arrived.
Yet the "zero click" method has been under observation for some time and for the Citizen Lab researchers this is finally proof of its responsibility in introducing itself into the technological tools of others. Not good news for Apple, just on the day when it is ready to unveil its new iPhone 13 to the world. The first thing to do is the suggested update, just to avoid unpleasant inconveniences.
Share viaNo related posts.