A spyware company has developed an easy way to take over any Apple computer, watch, or iPhone so the software giant is asking everyone to update their devices. The malicious software attacks Apple devices through the iMessage app.
"It's absolutely terrifying," said John Scott-Railton, a senior researcher at The Citizen Lab, the company that discovered the hack and reported it to Apple.
What's scary about the hack is that it doesn't require the victim to download or click on anything to take effect. A device can be taken over by simply receiving a message. In the cybersecurity industry, it's known as a "zero-click" exploit.
People who have been attacked by the hack are extremely unlikely to know anything happened. "The user sees crickets while their iPhone is silently exploited," Scott-Railton said. "Someone sends you a GIF that isn't, and then you're in trouble. That's it. You don't see a thing."
The Citizen Lab says the hack has been around since February. It was created by NSO Group, an Israeli company that sells its hacking software to "vetted" customers across the world for counterterrorism and law enforcement purposes.
Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge everyone to immediately update all Apple devices.— Citizen Lab (@Citizen Lab)1631561593.0
After the attack was discovered by The Citizen Lab and reported to Apple, it created a fix that's available to users in its latest iOS or Mac OS updates. However, most users shouldn't be too concerned about the hack unless they believe they're being targeted by a government that uses NSO's software.
"This will prevent you from being infected with this exploit going forward," Scott-Railton said. "But what we know is NSO is always trying to find other ways to infect people's phones, and they may turn to something else."
Apple thanked The Citizen Lab for notifying them of the hack. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Ivan Krstić, Apple's head of Security Engineering and Architecture, said in a statement.
The hack was developed by NSO Group to deploy Pegasus, the spyware it sells to governments around the world to surveil suspected criminals or terrorists. NSO Group claims that the software is only used for those purposes but it's been found on devices belonging to human rights activists, dissidents, and journalists.
Apple is urging all users to update their iPhone, iPads and computers as soon as possible after discovering a major… https://t.co/FRpvDIUfuk— CBS Mornings (@CBS Mornings)1631619662.0
The hack was discovered by The Citizen Lab on the phone of a Saudi dissident. "In this case, it's pretty clear that this person was targeted for being an activist and not for any other reason," Bill Marczak, a Citizen Lab senior research fellow, said according to Today.
The company insists that it can't be used to target Americans' phones. Facebook has accused NSO Group of hacking over 1,400 mobile devices using WhatsApp. NSO has disputed the accusation.
How to update your iPhone:
- Plug your device into power and connect to the internet with Wi-Fi.
- Go to Settings > General, then tap Software Update.
- Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now.
- Your latest iPhone update comes with some delightfully diverse new ... ›
- Apple issues apology for iPhone recording conversations - Upworthy ›
- Apple to scan iPhone phot to catch child abusers. - Upworthy ›