Mobile devices such as iPhones and Android phones have been hit by many spyware vulnerabilities. This Reuters article gives an account of how a Saudi woman’s iPhone revealed the details of a spyware network. The spyware she was infected with was a zero-click.
The type of spyware Citizen Lab discovered on al-Hathloul’s iPhone is known as a “zero click,” meaning the user can be infected without ever clicking on a malicious link.
Zero-click malware usually deletes itself upon infecting a user, leaving researchers and tech companies without a sample of the weapon to study. That can make gathering hard evidence of iPhone hacks almost impossible, security researchers say.
The spyware worked in the background. The user had no idea of the hack.
Marczak and his team found that the spyware worked in part by sending picture files to al-Hathloul through an invisible text message.
The image files tricked the iPhone into giving access to its entire memory, bypassing security and allowing the installation of spyware that would steal a user’s messages.
How was this information important to researchers?
Having a blueprint of the attack in hand allowed Apple to fix the critical vulnerability and led them to notify thousands of other iPhone users who were targeted by NSO software, warning them they had been targeted by “state-sponsored attackers.”
It was the first time Apple had taken this step.
How did Apple fix this vulnerability?
Apple released patches for the NSO exploit. The vulnerability is tagged as CVE-2021-30860.
Which devices are affected?
This vulnerability affects:
- All iPhones with iOS versions prior to 14.8,
- All Mac computers with operating system versions prior to macOS Big Sur 11.6,
- All iPad Pro models,
- iPad Air 2 and later,
- iPad 5th generation and later,
- iPad mini 4 and later,
- iPod touch 7th generation,
- Security Update 2021-005 Catalina and
- All Apple Watches prior to watchOS 7.6.2
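As an added example (not from the original article or from Apple), the check below flags devices in an inventory export whose OS version predates the fixed releases in the list above. The inventory rows, the CSV layout and the status labels are constructed; the Catalina handling assumes Security Update 2021-005 leaves the 10.15.x version number unchanged, so those machines need a manual check.

```python
# Added example; the inventory rows below are constructed for illustration.
# First fixed release per OS for CVE-2021-30860, taken from the list above.
FIXED = {"ios": (14, 8), "macos": (11, 6), "watchos": (7, 6, 2)}

def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(version, fixed):
    """Zero-pad before comparing, so 14.8 is not treated as older than 14.8.0."""
    width = max(len(version), len(fixed))
    padded = [v + (0,) * (width - len(v)) for v in (version, fixed)]
    return padded[0] < padded[1]

def audit(os_name, version_text):
    """Return 'vulnerable', 'patched', 'check-security-update' or 'unknown'."""
    os_key = os_name.strip().lower()
    if os_key not in FIXED:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # never assume a device is patched
    # Assumption: Catalina (10.15.x) is fixed by Security Update 2021-005,
    # which does not change the version number, so flag it for a manual check.
    if os_key == "macos" and version[:2] == (10, 15):
        return "check-security-update"
    return "vulnerable" if is_older(version, FIXED[os_key]) else "patched"

# Constructed sample inventory: device name, OS, reported version.
INVENTORY = """\
alice-iphone,iOS,14.7.1
bob-iphone,iOS,14.8
design-mac,macOS,11.5.2
lab-mac,macOS,10.15.7
ops-watch,watchOS,7.6.2
kiosk,iOS,unknown
"""

def report(csv_text):
    """Map each device name in the export to its audit status."""
    rows = (line.split(",") for line in csv_text.splitlines() if line.strip())
    return {name: audit(os_name, version) for name, os_name, version in rows}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```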
I want to learn more details about the spyware
You can read more about the spyware and what the researchers were able to discover in the Reuters article from 02/17/2022.
How do I protect myself?
- Reboot: most of this spyware is non-persistent, and a reboot of the device will delete it.
- Update: update your devices. If your device is too old to update, replace it.
Is there anything else I can do to protect myself?
- Malware Protection: malware protection on your devices is critical.
- Web-Protection: web filtering is critical to help prevent you from opening malicious websites on your device.
- MDM: Mobile Device Management can help with managing your devices by keeping them up to date, preventing apps from being installed, and providing life-cycle management to retire older, end-of-life devices.
For these added protections and any other cyber-security assistance, contact us.