Israeli software company successfully invades iPhone: users can be hacked without clicking links


Tencent technology according to foreign media reports, according to a report recently released by a foreign organization, Apple iPhone can be broken by hacker software, and users’ sensitive data may be stolen. These hacker software even does not require mobile phone users to click the link.
The agency said it found that journalists and human rights lawyers’ iPhones had been infected with the NGO group’s Pegasus malware, which allows attackers to access information, e-mail, and the phone’s microphone and camera.
This disclosure shows that the government using the NSO malware has been able to successfully invade the iPhone and use methods unknown to apple to monitor user data. Even if the iPhone is kept up-to-date, it can not prevent professional attackers using expensive and covert spyware.
The nature of these attacks also suggests that changing user behavior – for example, avoiding clicking on unknown links or phishing links in messages – may not protect iPhone users from attacks by NSO software. The agency said past versions of Pegasus malware required users to click on malicious links in messages.
The NSO group, an Israeli company, said it sold products to censored government agencies and law enforcement agencies to prevent terrorism, car bombings and combat sex and drug trafficking gangs.
Leak list
The agency found evidence of hacking on the iPhone 12, the latest iPhone running IOS 14.6, the latest operating system before Monday. On Monday, apple updated its operating system to IOS 14.7, but it released security details without information indicating that it had fixed a vulnerability identified by the agency.
The agency was given a leak list of 50000 phone numbers that could be the target of spyware developed by the NSO group. It found that there was evidence that Android devices were also targeted by NSO spyware, but they could not be checked as they were on the iPhone.
“Apple clearly condemns cyber attacks against journalists, human rights activists and others committed to making the world a better place.” Ivan kristic, Apple’s head of security engineering and architecture, said in a statement: “Apple has been a leader in Security Innovation for more than a decade, so security researchers unanimously believe that the iPhone is the safest and safest consumer mobile device in the market.”
Apple’s iPhone software update may fix the vulnerability.
Security experts said that the most effective way to prevent malware is to let the device install the latest software patches, but this requires the device manufacturer to be aware of the vulnerabilities being used by attackers. If they are “0day vulnerability”, as the NSO group is accused of using, it means that Apple has not been able to fix the vulnerability.
Once Apple fixes the bug, users can protect themselves by updating to the latest version of the operating system.
This indicates that once Apple fixes the vulnerability, the software of the NSO group may stop working or lose the ability to attack the latest mobile phones. Apple said that as soon as it learned of the attack, it immediately began to study how to fix the vulnerability.
“Attacks like this are very complex, cost millions of dollars to develop, are usually short-lived, and are used to attack specific individuals. Although this means that they will not pose a threat to the vast majority of our users, we are still working tirelessly to protect all our customers, and we are constantly adding new protection measures to their devices and data. ” Christik said.
Apple has made security and privacy one of its key marketing strategies, arguing that its control over the operating system and the hardware that drives it enables it to provide a higher level of security and privacy than its competitors’ devices.
Apple said its security team is four times the size of five years ago, and once new threats are identified, employees will go all out to deal with them and try to improve the security of devices. Apple has released security patches for each piece of software on its website, categorizing them with industry standard “CVE” numbers, and commending the security researchers who discovered them.
Threat to user security
When the iPhone restarts, the NSO group’s software will not remain on the iPhone, making it more difficult to confirm whether the device is infected, the agency reported. It also said it was concerned that users who were targeted might need to restart their devices on a regular basis.
The agency said it worked with several international media groups to release details of several phone numbers it found on the leak list, as well as the specific circumstances that led them to be targeted by the NSO software. It is reported that there are some U.S. telephone numbers on the list, but it is not clear whether they have been hacked.
A spokesman for the NSO group said the company would investigate all abuse allegations.
“We want to emphasize that the sole purpose of the NSO to sell its technology to reviewed government law enforcement and intelligence agencies is to prevent crime and terrorism and save lives. The NSO does not run the software and cannot see the data. ” A spokesman for the NSO said.
Other technology companies also believe that the business of the NSO group is unacceptable and poses a threat to the security of its users. Last year, WhatsApp, a Facebook subsidiary, sued the NSO group for hacking WhatsApp. In a court filing filed as part of the case last December, a third party, including Microsoft, Google, Cisco and others, said the NSO group violated U.S. law and should not enjoy immunity because it sold its spyware to foreign governments( Tencent technology reviser / Lexue)