WhatsApp CEO Will Cathcart said senior government officials of US allies, including some in national-security roles, were targets of Pegasus phone malware in 2019.
Cathcart’s statements, which were featured in an interview by The Guardian on Sunday, followed reports last week from the Pegasus Project, a consortium that included The Guardian, The Washington Post, and Amnesty International.
The reports said an Israeli company sold access to military-grade spyware, which was used to hack the phones of journalists, activists, and government officials.
NSO Group, the company behind the Pegasus software, denied the phone numbers leaked to the consortium were Pegasus targets.
WhatsApp sued NSO Group in October 2019, saying about 1,400 mobile devices running the app were targeted by the company’s surveillance software.
According to the complaint, NSO Group had gained access to WhatsApp’s servers to target “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.” The lawsuit is ongoing.
“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart told The Guardian.
There were more than 50,000 phone numbers on a leaked list of potential Pegasus targets, although it was unclear how many had actually been targeted, Forbidden Stories said. The list included numbers for French president Emmanuel Macron, Pakistani prime minister Imran Khan, and South African president Cyril Ramaphosa, Amnesty International said.
NSO Group said the consortium’s reports were inaccurate, denying the numbers on the list were targets or potential targets of Pegasus. It said it would no longer reply to media questions about the software.
“The numbers in the list are not related to NSO group,” the company said in a statement on Wednesday under the headline Enough is Enough. “Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false.”
The Pegasus software was designed to “covertly collect information about your target’s relationships, location, phone calls, plans and activities – whenever and wherever they are,” according to a product description included as an exhibit in WhatsApp’s 2019 lawsuit.
The software tracked GPS locations, monitored voice and VoIP calls, and collected other information, the description said. It also “[l]eaves no trace on the device.”
The software was reportedly sold to governments.
“There is no such thing as an encryption backdoor for just the good guys,” Cathcart said on Twitter last week. “A backdoor would be abused. And a backdoor would be a gift to hackers, criminals, spyware companies, and hostile governments, with dangerous consequences for safety and security.”
iPhone hacks aren’t incredibly common, but they can still occur if you aren’t careful.
From malware and trickster apps downloaded from the App Store to targeted attacks on a specific device, your information can be stolen in myriad ways.
Here we’ll break down the common types of hacks, how to tell if you’ve been hacked, and what to do about it.
How an iPhone can be hacked
Hacking occurs when someone else gains access to private information on your device or controls it without your consent. It’s a broad term, and lies on a gradient of bad to very serious. Some hackers want to make a quick buck selling advertising. Others want to hurt you.
Experts said there are a few main types of iPhone hacks:
Suspicious websites or links
Just like on your computer, your iPhone can be hacked by clicking on a suspicious website or link. If a website looks or feels “off,” check the logos, the spelling, or the URL.
Try to avoid connecting to a password-free public Wi-Fi network, which opens the possibility of a hacker accessing unencrypted traffic on your device or redirecting you to a fraudulent site to access login credentials.
Messages from numbers you don’t recognize are also suspect.
Fortunately, modern smartphones are good at resisting malware and ransomware.
Suspicious apps on the App Store
Apple devices exist in a much more closed and monitored digital ecosystem when compared to Android devices.
The company has a vetting process for apps on its store, but it’s not bulletproof.
Ning Zhang, who leads the Computer Security and Privacy Laboratory at Washington University in Saint Louis, said to watch out for apps that ask for more information than they’ll need to function.
For example, if you’ve downloaded a wallpaper or flashlight app and it’s asking for your location or contact list, camera, or microphone, that’s a red flag. Likely, the developers are tricking you into giving out this information so it can be sold.
“I’d be a little bit skeptical about it and consider if I really want that wallpaper app,” he said. “Being vigilant, even with official apps, is helpful. If we are able to do that, I think for the average person, you should be fairly safe.”
Intimate partner hacks
Abusive partners can grab your phone and download spyware (or stalkerware) when you’re not looking. This malicious software can be used to track your location, or make private information like texts, your call history, and emails accessible to them.
All they need is your password and physical access to your phone. Experts we spoke to said that this is unfortunately common. This abuse can be psychologically traumatizing and devastating to someone’s personal and public life. If you notice apps that you don’t remember downloading, this could be a sign – although many times the spyware app is invisible on the home screen.
Sadly, this problem isn’t easy to fix. Victims can risk their safety by deleting the apps or checking for malware if and when abusers notice these actions.
The average person probably won’t be singled out and remotely targeted by hackers because it’s expensive, sometimes costing millions for hacks of newer phones, said Matthew Green, an associate professor at the Johns Hopkins Internet Security Institute.
Journalists and activists are most at risk for this kind of hack.
One form of a targeted hack works like this: Hackers exploit flaws in iOS that even its developers don’t yet know about. With this knowledge, hackers can install malware to get data from targeted sources.
“This is a very sophisticated set of hacks and oftentimes you won’t even know this happened to you,” Green said. “If it’s someone who is really sophisticated, they’ll send you an invisible text message and then your phone is going to be compromised for awhile.”
The bugs are known as “zero-day” exploits, so called because Apple finds out about the security issue in its software on the same day it starts working to patch it. The minute the world knows, it’s only a matter of time before the hack is obsolete. That’s why these pricey hacks are often kept under wraps by the people, or governments, who purchase them, Green said.
Ways to protect yourself from an iPhone hack
iPhones can absolutely be hacked, but they’re safer than most Android phones.
Some budget Android smartphones may never receive an update, whereas Apple supports older iPhone models with software updates for years, maintaining their security. That’s why it’s important to update your iPhone.
Apps on the App Store are also vetted for malware (though there are questionable apps that go unnoticed).
However, if you’re considering “jailbreaking” your iPhone – removing the software restrictions imposed on iOS – you’re opening yourself up to potential vulnerabilities in the software because you’ve eliminated some of Apple’s existing security measures. It is possible to download incompatible spyware or malware apps on a jailbroken phone, and this is also how remote takeovers can occur with iPhones. A jailbroken phone should be avoided as it can dangerously allow malicious apps to go undetected.
If you back up your phone in iCloud, make sure to have a strong password. If someone gets ahold of your password, they don’t even need to hack your phone because they can download a backup from the cloud.
Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University, said staying safe is all about “good digital hygiene.”
“Install apps from trustworthy sources and unless you know what you’re doing, you probably don’t want to jailbreak your phone,” Sekar said. “Be careful. Don’t click on attachments you don’t want to open and keep your phone up to date.”
How to tell if your iPhone has been hacked
You can’t always tell if your iPhone has been hacked, Sekar said. But you may notice a few things.
Your phone is unusually hot, or frequently dying.
Your phone is sluggish when trying to load websites.
The battery is draining even when you’re not touching your phone.
These symptoms indicate the phone is running all the time, even when you’re not using it. Sometimes, the best indicators come from the outside, such as when friends say they’re getting odd messages from you. However, the most sophisticated hacks can be somewhat invisible.
There’s no definite way to check for every type of hack. Experts told us that one reliable way to investigate is to download a mobile security app called iVerify, which scans your phone’s operating system for suspicious behavior and can also detect if your phone has been jailbroken.
What to do when your iPhone has been hacked
If you know your phone has been hacked, you have a few options depending on what happened.
For minor problems, like an app stealing your information, delete the app and update your software.
Finding an expert for inspection may be the best solution. Green from Johns Hopkins said your phone can’t always be cured.
“I hate to say this, but if you really, really need to be safe, get a new phone,” Green said. “If somebody actually gets on your phone, and it’s a really high barrier for iPhones, they can install stuff like keyloggers, which means every key press, every letter you type in is being sent to somebody. Until you’re sure that’s gone, you can’t be sure you have any privacy.”
If you can’t get a new phone right away, a hacked iPhone is likely not safe to use, so it’s best to leave it turned off.
Secure Boot is an important safety and security feature found on most modern PCs – it prevents unauthorized software like malware from taking over your PC when it turns on. It’s a feature in your computer’s UEFI designed to authenticate security keys on compatible software like Windows 10.
Sometimes, though, you might need to disable Secure Boot. This might be the case if you need to install an operating system or other bootup utilities that are not compatible with Secure Boot. Only Windows 8 and Windows 10 have Secure Boot certificates, for example – if you needed to install Windows 7 on a Secure Boot-enabled PC, you would need to disable Secure Boot.
Please exercise caution before doing this, though. Secure Boot is an important element in your computer’s security, and disabling it can leave you vulnerable to malware that can take over your PC and leave Windows inaccessible.
Software is a set of instructions, written in computer code, that tells a computer how to behave or how to perform a specific task. Software usually comes in the form of commercial programs (like Microsoft Word and Adobe Photoshop), games, a computer operating system, or even malware like viruses and ransomware. Any program or code that runs on a computer is an example of software, and anything you do with a computer requires the use of software. Software is created by computer programmers, commonly referred to as coders.
Types of software
There are many types of software in use today. To give you a sense of the scope of the software industry, here is an overview of the major kinds of software in use today.
System software is the general category of software that allows the computer hardware to function and serves as the underlying platform for applications to run. System software is particularly complex, and there are multiple “layers” associated with any computing device. For example:
Operating system (OS): Without an operating system like Windows or MacOS, a computer is just a collection of hardware components unable to perform any functions. The OS allows the computer to perform basic functions, provides an interface so users can interact with the computer, and a platform on which applications can run. The OS “abstracts” many common tasks for applications to minimize redundancy – for example, the OS offers printing as a service to applications so every program doesn’t need to have its own way of sending files to the printer.
Firmware: Many devices and components have firmware, which is semi-permanent software that tells the device how to behave and how to interact with other devices. Firmware can often be updated, but persists when there’s no power applied to the device.
Device drivers: Device drivers are small programs that allow the operating system and computer components to communicate. Every component needs a driver so the OS knows how to use that device. Virtually every component in a computer, including the video card, sound chip, keyboard, and mouse, has its own driver.
Utilities: Blurring the line between system software and application, utilities are small programs that often come with or tightly integrate themselves into the OS to perform specific OS tasks. Anti-malware software, hard drive cleanup, and file compression tools (like WinZip) are examples of utilities.
Applications are the kind of software you are probably most familiar with – also called programs or apps, they are packages that usually have a specific purpose and that you use to accomplish a certain goal.
There’s a virtually limitless variety of applications. Some of the most common include productivity software like word processors, spreadsheets, and email clients (Microsoft Word, Excel and Outlook are common examples). Database software like Microsoft Access is used to organize and manage large volumes of data.
Games are also popular applications, as well as multimedia software (the Camera app on your phone is an application, as well as Adobe Photoshop, which is used to edit graphics and photos). Web browsers are also among the most common software applications.
It’s probably no surprise that software is created with other software. Coders rely on a number of different software tools to create programs. Here are a few examples of programs used by coders during software development:
Compilers are programs that convert the code written by humans into a lower-level form of machine code that’s directly interpretable by computer hardware. The existence of compilers makes it practical to create extremely sophisticated software.
Debuggers are computer programs used to test and “debug” (find and remove errors from) computer code.
Linkers are programs that take the output from a compiler – often many individual files – and combine them into a single executable file that can be run on its own by a user without the need to run it within a programming environment.
Malware is software designed to act in harmful ways, and there are many examples of malware today including viruses, worms, Trojans, and ransomware. When infected with malware, a computer and its software may misbehave or stop working entirely. There’s an arms race between malware developers and anti-malware utility writers, and it’s important to have anti-malware software installed on your computer. You should also follow best practices to avoid malware.
How software is distributed
Not all programs are distributed, sold, or shared the same way, and the primary method of distribution has changed over the years. At one time, virtually all software was commercial and sold through retailers. That’s far from the case today. Here are some of the major distribution mechanisms.
Commercial: A lot of software is still commercial, though it’s far less common than it once was. Any program you purchase and get a physical or digital copy of is commercial software. Keep in mind that you don’t own the software; you only own a license that confers the right to use the software. The distinction is important for a lot of reasons, not the least of which is it gives the publisher the right to change the software via online updates without your express permission.
Open-source: Often seen as the opposite of commercial, open-source software is usually made available with all of its source code, which allows an entire community of coders to update, modify, and improve the program. Not all open-source software is free; some is sold at retail prices.
Freeware: A lot of software is completely free to download and use. The freeware model allows publishers to distribute their software more easily because a lot of people will be willing to try something for free. Some freeware is also referred to as adware because while the application is free, it comes with embedded advertising.
Shareware: A variation of freeware, shareware is free for a limited time. If you find the application useful, you have the option to pay for it to continue using it. Many shareware programs are free for a limited period of time, though other programs will only work for a specific number of uses.
Cybersecurity is the practice of protecting all forms of computer technology from malicious attacks. It includes the preservation of computers, servers, mobile devices, networks, applications, and data in the event of damage, destruction, and unauthorized access. As an industry, cybersecurity is enormous and growing to help protect everyone from new and evolving threats.
By early 2021, it looks like Apple’s line of new computers has already been breached by a malicious set of software nicknamed “Silver Sparrow.” Just shy of 30,000 of Apple’s new computers have already been infected, according to the security firm Red Canary, primarily in the United States, United Kingdom, Canada, France, and Germany.
The infected machines range from the Mac Mini desktop to the latest version of Apple’s laptops. Both the latest MacBook Air and 13-inch MacBook Pro are powered by M1 chips.
Notably, security researchers have yet to observe the Silver Sparrow malware actually doing anything harmful.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet,” Tony Lambert, an analyst at Red Canary intelligence, wrote in a blog post, “its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.”