Apple on Monday advised all users to update their devices after researchers warned that the Israeli spyware company NSO Group had developed a way to take control over nearly any Apple computer, watch or iPhone.
The malicious software takes control of an Apple device by first sending a message through iMessage, the company’s default messaging app, and then hacking through a flaw in how Apple processes images. It is what’s known in the cybersecurity industry as a “zero-click” exploit — a particularly dangerous and pernicious flaw that doesn’t require a victim clicking a link or downloading a file to take over.
“It’s absolutely terrifying,” said John Scott-Railton, a senior researcher at The Citizen Lab, which recently discovered the software exploit and notified Apple about it. The group published a report about it Monday.
People whose devices have been exploited are extremely unlikely to realize they’ve been hacked, Scott-Railton said.
Hungarians protest Pegasus spyware allegations
As is often the case with NSO Group hacking, the newly discovered exploit is both technologically remarkable but likely only used on people specifically targeted by governments who use the company’s software.
“The user sees crickets while their iPhone is silently exploited,” he said. “Someone sends you a GIF that isn’t, and then you’re in trouble. That’s it. You don’t see a thing.”
NSO Group creates surveillance and hacking software that it leases to governments to spy on individuals’ computers and smartphones. For years, it has insisted that its primary product, Pegasus, is a vital tool to stop terrorists and other criminals, and that it merely leases its technology to legitimate governments in accordance with their own laws. It has also insisted it can’t be used to target Americans’ phones, and that it revokes usage from countries that misuse its products.
But Citizen Lab, a cybersecurity research center at the University of Toronto, has repeatedly found instances of Pegasus software used against journalists in Mexico who investigated cartels and Saudi Arabian dissidents, including associates of the slain Washington Post columnist Jamal Khashoggi.
In an emailed statement, an NSO spokesperson said that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.” An NSO Group spokesperson didn’t immediately return a request for comment.
While Pegasus isn’t known for surveilling large numbers of people, governments often use it to target individuals who don’t appear to be violent criminals, said Bill Marczak, a Citizen Lab senior research fellow. Citizen Lab was only able to identify this exploit because it was examining the phone of a Saudi dissident who so far has not given permission to share his name with the public, he said.
Check the latest news about tech news section for best information.