Recently, says a report at wired.com, it’s been unveiled that the obscure Israel-based NSO Group has been selling spyware delivered to smartphones through vulnerabilities in Apple’s iOS operating system.
“Pegasus” spyware can put a surveillance out on nearly everything including keystrokes, e-mails, video feeds and phone calls. Apple says that the three vulnerabilities with this spyware (“Trident”) have been patched.
In short, NSO Group’s spyware has been reverse engineered for the first time—achieved by the security research firm Lookout, which discovered Pegasus. Also getting credit for the discovery is Citizen Lab.
- Ahmed Mansoor, a well-known human rights activist with a history of being targeted by surveillance spyware, sent the security firms the suspicious SMS text messages he had received.
- Mansoor’s mobile device was running iOS’s latest version when two phishing texts came in with links. He had refused to click them.
- Instead he sent screenshots to Citizen Lab. The links led to a blank Safari browser page. The analysis then began.
- The spyware was intended to jailbreak the phone.
Jailbreaking an iPhone means the user can bypass Apple’s plan and customize the experience. However, in the Pegasus case, remote hackers wanted this control.
Citizen Lab and Lookout took their analysis to Apple, who made the patches within 10 days. The recommendation is to regularly download the latest iOS versions to help protect the device from attacks. The latest iOS version will stop Pegasus. However, it’s possible for NSO to infiltrate other phone operating systems like Android with the spyware, says Citizen Lab and Lookout.
NSO Group has no website, and supposedly, earns $75 million a year, with governments as the typical clients, and may have up to 500 employees. It won’t be any surprise if a new and similar threat follows soon, as the NSO Group is quite advanced, with a solid software development organization.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Beware of Apple ID Phishing Scams
You may have been scammed after you responded to an e-mail that appears it came from Apple. When hackers send e-mails that appear to come from a legitimate company like Apple (or Google, Microsoft, PayPal, etc.), with the objective of tricking the recipient into typing in passwords, usernames, credit card information and other sensitive data,
- Phishing Scammers Target Macs
On Christmas Day, 2011, Apple product users were targeted by a major phishing attack. The Mac Security Blog reported, “A vast phishing attack has broken out, beginning on or around Christmas day, with emails being sent with the subject ‘Apple update your Billing Information.’ These well-crafted emails could fool many new Apple users, especially those who may
- How Does Jailbreaking Or Rooting Affect My Mobile Device Security?
You may have heard the term jailbreaking or rooting in regards to your mobile phone, but what is this and what does it really mean for you? Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS operating system. To “jailbreak” means to allow the phone’s owner to
- Yes, Macs Can get Malware
So Macs can be infected with malware. Who would have ever thought? The malware at issue here is the dreaded ransomware. Ransomware scrambles up your files, and the hacker at the helm says he’ll give you the cyber “key” in exchange for a handsome payment. Ransomware historically has primarily impacted Windows users, but recently it got
- Mobile Phone Security Under Attack
As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for content creators’ latest innovations, which often require more and more device access. As applications and other content are more widely distributed, security breaches will be inevitable. The speed of technological advancement and