TechTime Unaired Segment: New Pegasus hack prompts Apple to issue new software fix

Apple users are being asked to install a security update after researchers found a flaw that hackers could use to access devices without any user action.

The researchers from Citizen Lab at the University of Toronto said in a report on Monday that a “zero-click exploit” was found in iMessage on a Saudi activist’s iPhone. Apple released a software patch on Monday in response to the exploit.

The researchers said the previously unknown vulnerability affected all major Apple devices: iPhones, Macs, and Apple Watches.

What is zero-click?
“Zero-click” is a hacking method designed to infiltrate a user’s device without them knowing.

“We’re all familiar with the idea that we’re going to get suspicious messages, malware, and phishing, but that’s something we’re educated to be able to spot and not fall for,” he said.

“Zero-click means that somebody you probably don’t know … can remotely target and infect your device with no interaction … you see nothing, you hear nothing, and suddenly your device becomes a digital spy in your pocket.”

In other words, unlike the phony texts from delivery services and tax agencies that ask you to click a link to resolve some unclear issue, a zero-click attack is invisible.

“What’s interesting about this is that literally until the patch went up, everyone who had an Apple device could be potentially hacked using this vulnerability.”

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect users. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

Who is at risk?
At this point, it’s unclear if anyone else has been targeted, but Citizen Lab researchers said in their report they believe the hacking method has been in use since February. Furthermore, they attribute the attack to the NSO Group.

NSO wouldn’t confirm to Reuters if it was behind the hack but said in a statement it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
