Security Flaw Forces Apple to Issue Emergency Update for iPhones
If you have an iPhone of any kind (you may be reading this article on one right now), stop what you're doing and install the latest operating system update. It could save you major headaches in the future.
According to USA Today, the University of Toronto's Citizen Lab discovered what they call a "zero-click flaw" in Apple's operating system that allowed hackers using Pegasus spyware to access your phone through iMessage without needing to send a link you have to click. Instead, all they need to do is send you a random picture to gain access to your phone and all the personal information you have stored in it.
After Apple was alerted to the flaw, developers with the tech company quickly went to work on the patch and released it for download on Monday. To install iOS 14.8 on your phone, open the Settings app, tap General, then Software Update, and follow the steps. I updated mine Monday night and it took about 10 minutes to download and install. Updates for Mac computers and Apple Watches are also available, so if you have any of those devices, make sure you update those as well.
What is Pegasus Spyware?
Created by NSO Group, an Israeli company USA Today calls a "hacker-for-hire firm," Pegasus is considered by some to be the most powerful piece of spyware ever created by a private company. Why? Because it essentially turns your phone into a 24-hour surveillance device that can "copy messages you send or receive, harvest your photos and record your calls." It may also be able to "secretly film you through your phone’s camera, or activate the microphone to record your conversations," according to an article written by David Pegg and Sam Cutler and published on The Guardian back in July of this year. Freaked out yet? If so, this won't help; the authors say it can also "potentially pinpoint where you are, where you’ve been, and who you’ve met." Yay, technology!
How It Works
Unlike other spyware or malware that hackers try to trick you into installing through a link sent by e-mail or text, Pegasus can be installed on your device without you ever knowing. The latest version seeks out flaws in your phone's operating system (OS) that the people who designed the system didn't even realize existed. Think of it as water and your phone as the roof of your house. No matter how well you think you sealed it, if there's one tiny pinhole you missed somewhere, the water is going to get in. The creators of Pegasus find those pinholes and use them to gain access to your phone, computer, tablet, or watch.
In the case of Apple's OS, Citizen Lab discovered the "pinhole" was a flaw in iMessage's "image rendering library." Basically, Pegasus disguises itself as image code, making your phone believe it's a normal, everyday image such as a photo, so the phone lets it pass through. What's even scarier, or more impressive depending on how you want to look at it, is that you'll never know it happened. You'll get no notification showing you received a message, and Pegasus automatically erases the evidence once it's in.
How Concerned Should You Be?
NSO Group says they license their Pegasus spyware "to government agencies and police forces to investigate major crimes," according to USA Today. While that may be true, Pegasus has also reportedly been used to hack the devices of "human rights activists, journalists, and political dissidents." Unless you fall into one of those camps, the chances someone would target you or me with the spyware are slim. If someone really wants to know that my wife was running to Walmart after work and asked if I needed anything, they can just ask; I'll gladly tell them (the answer was, "I did not," by the way).
With that said, why take a chance? It's better to be safe than sorry if you ask me.
[Sources: USA Today / The Guardian]