An Israeli firm is selling iOS zero-days which allows hackers to remotely hijack of your iPhone
If you own an iPhone, update it right now even as you read this article because it can be hacked using three zero-days. According to news reports, an Emirati human rights activist named Ahmed Mansoor’s iPhone was hacked using one of the three zero-days an. Mansoor reportedly received an SMS message which promised new details of torture in the country’s state prisons, along with a link to follow if he was interested. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements.
The zero-days are reportedly being sold to world governments and authorities by an Israeli cyber security company called NSO Group. In fact, NSO Group is so secretive that it repeatedly changes its name to avoid undue exposure.
The incident came to light when Security company Lookout and internet watchdog group Citizen Lab investigated the cyber attack on Mansoor’s iPhone and found it to be the product of NSO Group, a “cyber war” organization based in Israel that’s responsible for distributing a powerful, government-exclusive spyware product called Pegasus.
Both the companies immediately notified Apple about the serious zero-days which NSO Group was selling and Apple immediately rolled out a patch for three previously unknown zero-day exploits that were used to target the iPhone 6 of Mansoor.
The vulnerabilities, known as “zero days” because they were previously unknown to Apple, give the hackers total access to an iPhone through a spear-phishing text message. Those text messages were designed to mimic the types of message a user might receive from a legitimate site, said the security researchers. Among those impersonated to get users to click on the links: the Red Cross, Facebook, Google, and even the Pokémon Company. Once clicked, the message downloaded malware, which gave the attackers total access to the phone.
“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said in a statement. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”
The Citizen Lap report states that other NSO Group zero-day targets include activists and journalists in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE.
Kindly update your iPhone/iPad to the latest version to avoid falling prey to such an attack. If you are somehow unable to update your iPhone/iPad kindly avoid clicking on even trusted links till your device is patched.