Malware

“Most sophisticated spyware ever” found on iPhone – UPDATE NOW

iPhone users across the globe are being urged to immediately apply the latest iOS security patch (v9.3.5) to their devices after a strain of malware named Pegasus, dubbed by experts as the “most sophisticated piece of spyware ever” has been uncovered.

According to researchers at Lookout and CitizenLab, all versions of iOS below and including version 9.3.4 are at risk.

So what is it?

In computer security talk, it’s called a one-click remote jailbreaking zero-day vulnerability.

Okay, so let’s break that down.

The zero-day vulnerability part of that means that the good guys (Apple) didn’t know about the vulnerability until it was already being exploited by the bad guys. The jailbreaking part means that once the vulnerability is exploited on a phone, it gives the bad guys full access to the phone that can bypass Apple’s own security restrictions – in this case access to almost all the data contained within in, including SMS data, access to phone calls, emails and apps like FaceTime, as well as the ability to collect passwords for online accounts.

The one-click part means that the vulnerability can take hold on a victim’s phone simply by luring the user into clicking one link, usually sent via text. That’s enough for the vulnerability to take effect and install the malware.

So basically it’s a devastatingly powerful piece of malware giving someone near-full control of a phone, using an at-the-time unknown vulnerability that requires a mere one-click from the phone user to install.

To clarify, that’s bad. Really, really bad.


Sponsored Content. Continued below...




To make matters worse, security researchers are claiming it is one of the most sophisticated examples of malware they’ve ever seen, that goes to extreme lengths to avoid detection and a “hair-trigger” self-destruct, meaning if someone does find it, it removes all traces of itself.

According to Mike Murray, VP of Security Research and Response at cyber-security company Lookout:

The … vulnerability chain is the first that anyone’s seen of a one-click remote jailbreak of an Apple device. It’s the smoking gun active mobile threat that we’ve always known existed but didn’t yet have proof of. This demonstrates that highly resourced actors see the mobile platform as a fertile target for gathering information about targets and regularly exploit the mobile environment for this purpose.

The vulnerability was found after a UAE human rights activist Ahmed Mansoor received an unsolicited text message on his phone, and security research firms have spent over a month analyzing exactly how the state-of-the-art malware works.

So who’s to blame?

Security firms are tracing back the vulnerability and malware – dubbed Pegasus – to an Israeli cyber warfare company named the NSO Group, a shadowy company that deals with mobile surveillance and spyware.

The NSO Group have previously claimed that their mission is to provide “authorized governments with technology that helps them combat terror and crime” but would not comment on this recent revelation.

Perhaps the only good news here is that the unprecedented sophistication of this threat suggests it is used to spy on high value targets or known terrorists, and wouldn’t necessarily be employed en masse upon the “average Joe” for fear of increasing the chances of detection.

But that won’t be too reassuring for iPhone users who now know their privacy and security are at risk. So seriously, stop what you’re doing and install the latest security patch from Apple that patches up the vulnerabilities.

Share
Published by
Craig Haley