Categories
All news posts International News

BREAKING NEWS: Apple Products Security Hacked, Invaded by Spyware

BREAKING NEWS: Apple Products Security Hacked, Invaded by Spyware

“The intended targets would not have to click on anything for the attack to work, as there would not be any visible indication that a hack had occurred.”

iPhone, iPad, Apple Watch or Mac computer have been flagged for a major spyware invasion, as cyber surveillance company based in Israel developed a tool to break into Apple (AAPL.O) security, as announced by internet security watchdog group called Citizen Lab.

The spyware code named ‘pegasus’, was developed by Israeli firm, named NSO Group, which defeats security systems designed by Apple in recent years.

All Apple products are reported to be at risk and vulnerable, as the security breach which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watch OS, except for those updated on Monday 13th, September, 2021. Customers are hereby advised to install iOS 14.8, MacOS 11.6 and Watch OS 7.6.2 to prevent their device vulnerability to the spyware attack.

The New York Times report that: “the spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off.

“Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.”

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.”

The discovery means that more than 1.65 billion Apple products in use worldwide have been vulnerable to NSO’s spyware since at least March. It signals a serious escalation in the cybersecurity arms race, with governments willing to pay whatever it takes to spy on digital communications en masse, and with tech companies, human rights activists and others racing to uncover and fix the latest vulnerabilities that enable such surveillance.

In the past, victims learned their devices were infected by spyware only after receiving a suspicious link texted to their phone or email, and sharing the link with journalists or cybersecurity experts.

But NSO’s zero-click capability meant victims received no such prompt, and the flaw enabled full access to a person’s digital life. Such abilities can fetch millions of dollars on the underground market for hacking tools, where governments are not regulators but are clients and are among the most lucrative spenders.

On Monday, Ivan Krstić, Apple’s head of security engineering and architecture commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, MacOS 11.6 and Watch OS 7.6.2.

Recall that, Apple issued an emergency security updates to close a spyware flaw on Monday, 13th September, 2021.

According to a report by Reuters,  Apple in a correspondent, had issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.

The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watch OS, except for those updated on Monday.

Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding.

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he added.

An Apple spokesperson declined to comment on whether the hacking technique came from NSO Group.

In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”

‘SOFT UNDERBELLY OF DEVICE SECURITY’

Citizen Lab said it found the malware on the phone of an unnamed Saudi activist and that the phone had been infected with spyware in February. It is unknown how many other users may have been infected.

The intended targets would not have to click on anything for the attack to work. Researchers said they did not believe there would be any visible indication that a hack had occurred.

The vulnerability lies in how iMessage automatically renders images. IMessage has been repeatedly targeted by NSO and other cyber arms dealers, prompting Apple to update its architecture. But that upgrade has not fully protected the system.

“Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority,” said Citizen Lab researcher John Scott-Railton.

The U.S. Cybersecurity and Infrastructure Security Agency had no immediate comment.

Citizen Lab said multiple details in the malware overlapped with prior attacks by NSO, including some that were never publicly reported. One process within the hack’s code was named “setframed,” the same name given in a 2020 infection of a device used by a journalist at Al Jazeera, the researchers found.

“The security of devices is increasingly challenged by attackers,” said Citizen Lab researcher Bill Marczak.

A record number of previously unknown attack methods, which can be sold for $1 million or more, have been revealed this year. The attacks are labeled “zero-day” because software companies had zero days’ notice of the problem.

Along with a surge in ransomware attacks against critical infrastructure, the explosion in such attacks has stoked a new focus on cybersecurity in the White House as well as renewed calls for regulation and international agreements to rein in malicious hacking.

The FBI has been investigating NSO, and Israel has set up a senior inter-ministerial team to assess allegations that its spyware has been abused on a global scale.

Although NSO has said it vets the governments it sells to, its ‘Pegasus spyware’ has been found on the phones of activists, journalists and opposition politicians in countries with poor human rights records.

Leave a Reply

Your email address will not be published.

EYE WITNESS
close slider

    SHARE BREAKING NEWS OR DEVELOPING STORY AROUND YOU.

    ×

    Powered by WhatsApp Chat

    × How can I help you?
    %d bloggers like this: