Tech

Apple states that a security flaw has been fixed.Cyber ​​analysts warn that zero-click threats will continue

Cyber ​​security analysts Apple After the company issues an emergency security patch on Monday, users will immediately update their mobile phone, computer and watch software to prevent hackers from accessing their devices without their knowledge.

Researchers at the University of Toronto’s Citizen Lab said in a new report that Israeli spyware company NSO Group used what was called a “zero-click exploit” to access the phones of unnamed Saudi activists. rice field. Researchers at Citizen Lab have called the exploit a “Force dentry” and said it has been in use since February. It also revealed that NSO Group’s flagship product, the Pegasus spyware program, was used to infect activist devices.

“A typical cyberattack requires the user to engage in malicious content (such as clicking on a malicious link), but a zero-click exploit does not require interaction with the device owner himself.” , Said Lisa Plaggemier, Interim Secretary-General of National. The Cybersecurity Alliance told . “This means it’s virtually impossible to know if an individual is at risk,” she added.

NSO Group is well known in the cyber world, formerly funded and operated as a US company, but later returned to Israel. Hackers could use the zero-click exploit to install Pegasus spyware on the target device by sending a message or making a phone call.

Apple iPhone X
The new iPhone X was unveiled at a media event held at Apple’s new headquarters in Cupertino, California, on September 12, 2017.

Josh Edelson / AFP / Getty Images


“Once installed, Pegasus gives a variety of controls that allow it to pick up data and activate processes such as cameras and microphones on iOS or Android devices,” said Jerry Ray, COO of cyber firm SecureAge. Told. According to Ray, the main difference between this NSO Group exploit and previous exploits is the access route. In this example, it was the text sent via iMessage, but previous attempts required a phone call.

“Given all the apps that could pose a weakness that could be exploited by actors like NSO Group, this could update the number of decimal places in countless apps in the future. There is, “says Ray.

Citizen Lab describes NSO Group as a “prolific” seller of espionage technology to governments around the world, stating that its products, including Pegasus, are regularly associated with surveillance abuse. In 2019, Citizen Lab helped WhatsApp discover violations targeting at least 1,400 phones due to the absence of voice calls. Recently, Citizen Lab said Pegasus spyware was used to hack 36 personal phones of Al Jazeera journalists, producers, anchors and executives.

“We will continue to provide intelligence and law enforcement agencies around the world with life-saving technology to combat terrorism and crime,” NSO Group said in a brief statement to .

However, a cybersecurity analyst who spoke with disagreed with NSO Group’s framing.

“The company states that its spyware can only be used by authorized law enforcement groups to target terrorists and criminals, but many questions have been raised about the authenticity of this statement.” Said Pragemier. “This needs to act as a big awakening call for device makers and technology providers as a whole. The zero-click threat is here and stays here,” she added.

Apple, which provided an update to patch security issues on Monday, acknowledged Citizen Lab for helping the company address the issue quickly.

“Attackes like the one described are very sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” Ivan Krsić, Head of Security Engineering and Architecture at Apple, said in a statement. “That means it’s not a threat to the overwhelming majority of users, but we’re constantly striving to protect all our customers and constantly adding new protections to our devices and data.” He added.

Earlier this year, Apple revealed that a total of over 1 billion active iPhones and over 1.6 billion Apple devices are in active use. Apple says recent vulnerabilities are unlikely to affect the majority of customers, but cybersecurity analysts say the breach is still very hunted down.

“Apple deliberately tried to prevent Pegasus from running on iOS 14, but the malware still managed to exploit a software vulnerability,” said Caroline Wong, chief strategy officer of cybersecurity firm Cobalt. I told . “The spread of this vulnerability is alarming,” she added.

Apple states that a security flaw has been fixed.Cyber ​​analysts warn that zero-click threats will continue

Source link Apple states that a security flaw has been fixed.Cyber ​​analysts warn that zero-click threats will continue

Back to top button