[ad_1]
Find out what clicks on FoxBusiness.com.
A severe iPhone software vulnerability has been traced to a company accused of providing spy technology to autocratic governments. Here’s what you need to know.
Analyzing the phone of a Saudi activist, Citizen Lab researchers discovered a so-called “zero-day zero-click exploit” targeting Apple’s iMessage. The exploit is used against Apple iOS, macOS, and WatchOS devices, Citizen Lab said.
| Teleprinter | Security | Last | Switch | Switch % |
|---|---|---|---|---|
| AAPL | APPLE INC. | 146.06 | -2.73 | -1.83% |
NSO Group, which offers proprietary software called Pegasus, is behind the exploit, said Citizen Lab, which described the Israel-based company as a “mercenary spyware company.”
A severe iPhone software vulnerability has been traced to a company accused of providing spy technology to autocratic governments. (Apple Inc. / iStock / iStock)
CALIFORNIA COLLEGE STUDENT USED PHONE ACCOUNTS TO STEAL CRYPTO-CURRENCY IN SWAP SCAM, Says Fed
According to Kaspersky Lab, spyware can turn a phone into a spy device that captures geographic location, call logs, contact lists, and even photos.
The company used the vulnerability to infect the latest Apple devices with Pegasus spyware, which Citizen Lab calls FORCEDENTRY. It has been in use since at least February 2021, Citizen Lab said.
Zero days and zero clicks make it particularly malicious, Hank Schless, senior director, Security Solutions at Lookout, a cloud security company based in San Francisco, Calif., Told FOX Business.
“A zero-day vulnerability is one that has not been discovered or, more importantly, that is known but has not yet been addressed,” said Schless. Add the zero click on top of it and the exploit becomes particularly pernicious because the user has nothing to do, according to Schless. Typically, a user must click a link, download a file, visit a website, or install an application to activate malware.
APPLE, GOOGLE, AMAZON SPYING ON YOU, CLAIM OF TRIAL
Apple was quick to respond and released a patch on September 13 for the iPhone and iPad. The fixes are now available as security updates for iOS and iPadOS. Apple described the vulnerability as “a maliciously crafted PDF [that] may lead to the execution of arbitrary code. “
“We would like to commend Citizen Lab for completing the very difficult job of getting a sample of this exploit so that we can develop this fix quickly,” said Ivan Krstić, Head of Engineering and Architecture at Apple security, in a statement to Fox Business. .
“Attacks like the ones described are very sophisticated, cost millions of dollars to develop, often have a short lifespan and are used to target specific individuals,” Krstić said, adding that “they do not pose a threat to the overwhelming majority of our users. ”
Pegasus “spyware”
Citizen Lab accuses NSO of “selling technology to governments that will use the technology recklessly in violation of international human rights law.”
“Autocratic governments” are willing to pay “huge sums” to hack their detractors, Citizen Lab said, adding that “mercenary spyware companies are devoting substantial resources to identifying software vulnerabilities in widely used applications, then bundle those exploits to enthusiastic government clients, creating a very lucrative but widely abused market for commercial surveillance. ”
WHAT DATA APPLE AND GOOGLE COLLECTS ABOUT YOU
A July report from Amnesty International made similar accusations.
NSO Group Says Its Pegasus Spyware Is Only Used To “Investigate Terrorism And Crime” And “Leaves No Trace.” This Forensic Methodology Report Shows None Of These Statements To Be True Amnesty International said.
An article published in the Washington Post in July said that NSO’s “military grade spyware” was used to hack smartphones belonging to journalists, human rights activists, business leaders and “two female relatives. of murdered Saudi journalist Jamal Khashoggi “.
The phones were on a list of more than 50,000 numbers “concentrated” in countries that engage in citizen surveillance and known to be customers of the NSO Group, according to the report.
NSO says on its website that it is developing “cutting edge technology to help government agencies detect and prevent terrorism and crime.”
GET FOX BUSINESS ON THE GO BY CLICKING HERE
“Our regular detractors have no real solution to the security challenges of the 21st century. Their self-aggrandizing and misguided campaigns are a boon to terrorists, criminals and pedophiles,” NSO Group said in a statement to Fox Business.
“In the meantime, NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terrorism and crime,” said NSO.
[ad_2]
Source link