Apple today released an urgent software update that aims to fix a critical vulnerability in its iOS system. So what’s going on, and what should you as an Apple user do now?
Israeli cyber-espionage company NSO Group has developed a tool that allows it to hack into iPhones, Mac computers and Apple Watches with an unprecedented technique that the company has been using since February.
Researchers from Citizen Lab, a cybersecurity watchdog at the University of Toronto, uncovered the hacking. They had discovered that a Saudi activist’s iPhone had been infected with NSO Group’s Pegasus spyware since February.
Pegasus uses a new method to infect an Apple device for up to six months without the victim’s knowledge. Pegasus is considered the holy grail of surveillance, as it allows governments, mercenaries and criminals to break into smartphones, computers and smartwatches stealthily.
In the past, victims only found out that their devices were infected with spyware after receiving a suspicious link on their phone or email. But with NSO Group’s ‘zero-click’ tool, the victim does not receive such a warning. Instead, the tool gives full access to someone’s digital life. This time, NSO Group is exploiting a security flaw in the Apple messaging app iMessage.
Pegasus can enable a user’s camera and microphone, and record messages, texts, emails and calls. Even messages sent through encrypted messaging and phone apps like Signal would not be safe from this tool.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a researcher at Citizen Lab who worked on the study with his colleague Bill Marczak.
Apple has already released the urgent update today, which should close the hole in the iMessage software. So you should update all your Apple devices as soon as possible. On the iPhone, for example, go to ‘General’ in your settings and then choose ‘Software update’ at the top.
An Apple spokesperson also confirms Citizen Lab’s findings, saying the company plans to add spyware barriers to the next iOS 15 software update, which is expected later this year.
No, just this summer, after a joint investigation, The Washington Post and Le Monde found out that Pegasus was being used to hack into the phones of journalists, activists and businessmen around the world.
NSO Group claims it only sells its spyware to governments that adhere to strict human rights standards. The software was originally intended to monitor terrorists and criminals. Still, Pegasus spyware has appeared on the phones of activists, dissidents, lawyers, doctors, nutritionists, and even children in countries like Saudi Arabia, the United Arab Emirates, and Mexico over the past six years.