A new kind of threat targeting Apple users has surfaced recently. It’s an evolved form of known and highly complex spyware that leaves infected devices wide open to surveillance and data collection. What kind of risk is this, and what about it should give you pause? Find out everything you need to know in our comprehensive rundown.

What Happened?

At the beginning of September, Citizen Lab published their findings on a sophisticated attack that targeted an employee of “…a Washington DC-based civil society organization with international offices”. Their iPhone was found to contain Pegasus, a highly specialized mercenary spyware.

The spyware got onto their phone via images contained inside a PassKit attachment. The attack is insidious because this iteration of the spyware is delivered through a zero-click exploit: the victim doesn’t need to perform any action, such as tapping or clicking, for the malicious code to run.

Citizen Lab alerted Apple about the exploit as soon as they identified it. It could affect smartphones as old as the iPhone 8, along with various versions of the company’s tablets and desktop computers.

iOS 16.6 was the latest operating system version at the time and offered no protection from the exploit unless users were running their devices in Lockdown Mode. Apple was quick to react and addressed the vulnerability with a fix.

Do You Know?
Spyware can slow down the internet speed dramatically as every piece of information needs some bandwidth to leave the device.

What Is Pegasus?

Pegasus is an advanced form of spyware. Unlike an ordinary exploit designed to perform a single task, it bundles a collection of exploits that target diverse vulnerabilities. The damage it can do is all-encompassing: it can access app data and stored passwords, take control of the camera, and spy on phone conversations.

Citizen Lab first identified it back in 2016, when it targeted an award-winning human rights activist from the United Arab Emirates. The origins of most malware remain a mystery, but we know exactly who’s responsible for this spyware. It was developed by the NSO Group, an Israel-based cyber-intelligence company.

NSO markets Pegasus as a surveillance tool capable of identifying terrorist threats. Promotional materials suggest it sells this software only to world governments interested in tracking and acting against foreign & domestic terrorist hazards. As the highly publicized examples suggest, the tool is often used to surveil citizens without terrorist ambitions whose activities might clash with government interests.

What’s the Takeaway?

[Graph: percentage of electronic devices most vulnerable to cybercrime]

Due to its nature and scope, this particular incident doesn’t seem to pose a danger to the general public. The targets aren’t chosen at random. It’s not always clear if criminals or governments target them. It takes skill and research into a person’s life & habits to develop scenarios that prompt them to download malware like this.

NSO is a company with several hundred employees and more resources than your average hacking group. The chances of developing such a threat on a wider scale aren’t high. Apple was ultimately able to neutralize it with a single patch shortly after discovery.

While it might not affect the average person, this version of the spyware could offer a glimpse into a more uncertain cybersecurity future. Its comprehensive exploit suite highlights just how vulnerable our devices can be. People live under the mistaken impression that iPhones are less vulnerable than Android devices. Incidents like this should help dispel such notions.

The zero-click aspect is highly concerning since it takes agency away from the victim. The code was embedded inside images, which iMessage processed automatically. If someone can reverse engineer this technique or develop zero-click exploits of their own, manufacturers and cybersecurity experts will have their hands full.

What Can You Do to Stay Safe?

Apple’s rapid response nipped this risk in the bud. This highlights yet again that enabling automatic updates and applying new ones as soon as they’re available is one of the easiest yet most effective actions you can take to secure your devices.

Another is to maintain your anonymity online. VPNs provide this anonymity and a secure way of connecting to the internet through encrypted tunnels. Some providers also bundle VPN firewalls for additional protection against online hazards.

Earlier versions of Pegasus, like most malware today, rely on the user to take an action, such as clicking a link or filling in a form. Learning how to recognize such threats and not fall for them is easy yet integral to your online security.