Millions of Apple iPhone and iPad users have been urged to update their iOS software immediately, after an Israeli cyber arms firm created weaponry which can attack every single handset.
Once the iPhone or iPad is infected with the spyware dubbed “Pegasus”, handsets “become a digital spy in [your] pocket”. Pegasus gives hackers full access to the breached device.
Canadian technology research centre Citizen Lab identified the cyber weapon after an Emirati dissident notified it of a suspicious link sent to his phone.
“Once infected, Mansoor’s [the dissident’s] phone would have become a digital spy in his pocket,” Citizen Lab’s report read.
“[Pegasus is] capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.”
Contacts and data from everything on a phone including Facebook, Skype, WhatsApp, Gmail, FaceTime and Twitter could be compromised, Citizen Lab warned.
The hack has heightened fears about the NSO Group – the cyber arms firm that Citizen Lab claimed created the malicious program.
Deputy director of Deakin University’s Cyber Security Research Institute Professor Matt Warren told The New Daily the Pegasus attack could herald a wave of complex malware.
He said that while NSO might not target everyday people with the malware, it would only be a matter of time before smaller hackers could.
“Technology can be reversed engineered,” Pr Warren said. “Other groups will start to try and reverse engineer it, find out how it works and create their own variations.”
NSO’s hack is the first known case of software that can remotely take over a fully up-to-date iPhone. (To update your iPhone or iPad click Settings > General > Software Update).
“[It’s] literally a click on a link to jailbreak an iPhone in one step. [It’s] one of the most sophisticated pieces of cyber espionage software we’ve ever seen,” Lookout [the firm which assisted Citizen Lab’s investigation] vice president Mike Murray told Motherboard.
Apple was notified earlier this month. It developed a fix and distributed it as an automatic update to iPhone and iPad owners.
What is the NSO Group?
NSO is a mysterious private cyber security firm which offers government, corporations and agencies “cyber weaponry”, amongst other services.
Forbes’ digital privacy reporter and NSO expert Thomas Fox-Brewster wrote alarmingly about the firm on Friday morning.
“For the last six years,” Mr Fox-Brewster wrote. “Their everyday routine has been nothing less than extraordinary: create the world’s most invasive mobile spy kit without ever exposing their work.”
Based in Israel, NSO has managed to keep all of its work a secret, save for some details being uncovered by tenacious cyber journalists.
It does not have a website, or any online advertising or information, except for its LinkedIn profile.
Mr Fox-Brewster listed a line of nation’s that have been alleged to have hired the services of NSO, on top of the United Arab Emirates (Friday’s attack) and Mexico.
“They [Citizen lab] determined ‘Pegasus’ could have been used across Turkey, Israel, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain, though there was no clear evidence,” he wrote.