Image courtesy: Mint
Apple iPhone owners were advised to upgrade their handsets on Tuesday as the tech giant revealed a remedy for a significant software issue that allows the Pegasus malware to be installed on phones with the click of a button.
While studying the phone of a Saudi activist, cybersecurity specialists at the Citizen Lab, a research centre at the University of Toronto, discovered the vulnerability. Spying software has historically depended on persuading the target to click on a booby-trapped link or file in order to install itself on their phone, tablet, or computer.
“Zero-click elevates that hazard,” said John Scott-Railton, senior researcher at Citizen Lab, the Toronto University cybersecurity centre that found the Apple vulnerability. A zero-click attack allows the programme to infiltrate the device without the user having to be duped into clicking on the link. This gives would-be spies far easier access, especially at an age when people are leery of clicking on suspicious-looking messages. In this case, the virus used a flaw in Apple’s iMessage programme to install Pegasus, a massively intrusive piece of software that effectively converts a phone into a pocket listening device.
“As a user, there’s nothing you can do to defend yourself against infection, and nothing you’ll notice when you’re infected,” he told AFP. That is one of the reasons Apple has taken the danger so seriously, he claims. Scott-Railton advised Apple customers to apply the software update published on Monday by the tech giant. Just about a week after Citizen Lab discovered the issue on September 7, Apple issued a patch. A repair of this speed is “rare, especially for a large firm,” according to Scott-Railton.
The revelation of the iMessage weakness, according to Vivien Raoul, chief technical officer of French cybersecurity firm Pradeo, is “a solid start for decreasing the ports of entry, but it’s regrettably not enough to stop Pegasus.” Malware authors may just seek for additional holes in highly used programmes, which undoubtedly have problems from time to time owing to their complexity, according to specialists. Raoul claims that Google’s Android mobile operating system and Apple’s iOS “fix a huge number of vulnerabilities” on a regular basis. NSO, whose recruits include former elite officers of Israeli military intelligence, has tremendous resources of its own to invest in the hunt for flaws, while hackers offer access to them on the black market.
