Apple wants you to update your iPhone, Mac, and Apple Watch after it fixed a software flaw that let hackers spy without anyone clicking a link

iPhone
  • Apple has fixed a flaw that was letting hackers spy on devices without users even clicking a link.
  • The zero-click hack gave access to device cameras, microphones, and messages without users knowing.
  • Apple is telling users to update their iPhones, Macs, and Apple Watches immediately to protect them.
  • See more stories on Insider’s business page.

Apple is warning users to update their devices as soon as possible after it fixed a major spyware flaw.

The company has released emergency software updates in iOS 14.8 after learning of a vulnerability that let hackers break into Apple devices without users even clicking a link, the New York Times reports.

“Apple is aware of a report that this issue may have been actively exploited,” the company said on its website Monday.

The Canadian academic research group Citizen Lab published a report Monday saying it had uncovered a zero-day, zero-click exploit affecting iPhones, Macs, and Apple Watches. The lab says the flaw allowed Israeli spyware company NSO Group to remotely infect Apple devices. Because users don’t even have to click a link for the spyware to start working, they won’t even know their devices have been infected.

Known as Pegasus, the spyware can record texts, emails, and phone calls, and share them with NSO Group’s government clients worldwide, the Times reports. It can also turn on devices’ cameras and microphones.

“This spyware can do everything an iPhone user can do on their device and more,” Citizen Lab researcher John Scott-Railton told the Times.

Citizen Lab said it discovered the exploit, which it calls Forced Entry, in March while examining the phone of a Saudi activist who had been hacked with the spyware. The lab believes Forced Entry has been at work since at least February.

NSO Group was also found to be using zero-click attacks earlier this year. In July, Amnesty International found that military-grade spyware from NSO Group was used to hack the iPhones of dozens of journalists, activists, and executives.

Apple did not immediately respond to requests for comment.

A spokesperson for NSO Group emailed the following statement: “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime.”

Read the original article on Business Insider

Israeli military-grade spy software was used to hack phones of journalists, activists, executives, and 2 women connected to murdered journalist Jamal Khashoggi, a report says

Woman holds phone outside NSO Group in Herzliya
An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group, on August 28, 2016, in Herzliya, near Tel Aviv.

  • Military-grade spyware technology was used to hack the smartphones of journalists, activists, and executives, The Washington Post reported.
  • Some of the affected journalists worked at outlets including CNN and The New York Times.
  • The 37 numbers appeared on a list of 50,000 phone numbers in countries with a history of conducting surveillance on their own citizens, according to the report.
  • See more stories on Insider’s business page.

Military-grade spyware technology software created by an Israeli company that sells it to governments for the purpose of countering terrorism and criminal activity was used to target the smartphones of 37 journalists, activists, and business executives, the Washington Post reported Sunday.

The investigation was conducted by the Post and 16 other media partners, according to the report.

Among those who were the subject of attempted smartphone hacking, which used software called Pegasus, include journalists working at CNN, the Associated Press, the New York Times. the Wall Street Journal, Bloomberg, and Voice of America in the US. Targets also included journalists working for Le Monde in France, the Financial Times in London, and Al Jazeera in Qatar, according to the Post report.

Two women connected to the Saudi journalist Jamal Khashoggi, who was murdered in October 2018 in a Saudi consulate in Istanbul, were also on the list, according to the report.

The 37 numbers appeared on a list of 50,000 phone numbers originating mostly from countries with a history of conducting surveillance on their own citizens and those who have a relationship with the Israeli cyber-surveillance firm NSO Group, which created and sells the Pegasus software, according to the Post.

The list was shared with media outlets by the Paris-based non-profit Forbidden Stories and by Amnesty International, according to the report.

The list does not identify who placed the numbers on it. More than 15,000 of the phone numbers on the list were from Mexico while another sizable chunk of numbers came from the Middle Eastern countries, including the United Arab Emirates, Qatar, Saudi Arabia, Bahrain, and Yemen, according to the Post.

Read the full story at The Washington Post

Read the original article on Business Insider

Can an iPhone be hacked? A breakdown of common hacks and cyber hygiene best practices

person looking at phone kitchen counter
To avoid being hacked, make sure you stay away from suspicious links and spam messages.

  • Your iPhone can be hacked in various ways, although iPhones are safer than Androids.
  • Experts say the best way to stay safe from hacks is to be vigilant of strange links or sketchy apps and to only give out information when necessary.
  • Poor battery life and sluggish performance can be indicators of an iPhone hack.
  • You might need to restore your iPhone to factory settings or get a replacement if it’s been seriously hacked.
  • Visit Insider’s Tech Reference library for more stories.

iPhone hacks aren’t incredibly common, but they can still occur if you aren’t careful.

From malware and trickster apps downloaded from the App Store to targeted attacks on a specific device, your information can be stolen in myriad ways.

Here we’ll break down the common types of hacks, how to tell if you’ve been hacked, and what to do about it.

How an iPhone can be hacked

Hacking occurs when someone else gains access to private information on your device or controls it without your consent. It’s a broad term, and lies on a gradient of bad to very serious. Some hackers want to make a quick buck selling advertising. Others want to hurt you.

Experts said there are a few main types of iPhone hacks:

Suspicious websites or links

Just like on your computer, your iPhone can be hacked by clicking on a suspicious website or link. If a website looks or feels “off” check the logos, the spelling, or the URL.

Try to avoid connecting to a password-free public Wi-Fi network, which opens the possibility of a hacker accessing unencrypted traffic on your device or redirecting you to a fraudulent site to access login credentials.

Messages from numbers you don’t recognize are also suspect.

Fortunately, modern smartphones are good at resisting malware and ransomware.

Suspicious apps on the App Store

Apple devices exist in a much more closed and monitored digital ecosystem when compared to Android devices.

The company has a vetting process for apps on its store, but it’s not bulletproof.

Ning Zhang, who leads the Computer Security and Privacy Laboratory at Washington University in Saint Louis, said to watch out for apps that ask for more information than they’ll need to function.

For example, if you’ve downloaded a wallpaper or flashlight app and it’s asking for your location or contact list, camera, or microphone, that’s a red flag. Likely, the developers are tricking you into giving out this information so it can be sold.

“I’d be a little bit skeptical about it and consider if I really want that wallpaper app,” he said. “Being vigilant, even with official apps, is helpful. If we are able to do that, I think for the average person, you should be fairly safe.”

app
It’s important to keep track of even the official apps on your phone and to check for any suspiciously downloaded apps, as well.

Intimate partner hacks

Abusive partners can grab your phone and download spyware (or stalkerware) when you’re not looking. This malicious software can be used to track your location, or make private information like texts, your call history, and emails accessible to them.

All they need is your password and physical access to your phone. Experts we spoke to said that this is unfortunately common. This abuse can be psychologically traumatizing and devastating to someone’s personal and public life. If you notice apps that you don’t remember downloading, this could be a sign – although many times the spyware app is invisible on the home screen.

Sadly, this problem isn’t easy to fix. Victims can risk their safety by deleting the apps or checking for malware if and when abusers notice these actions.

Targeted attacks

The average person probably won’t be singled out and remotely targeted by hackers because it’s expensive, sometimes costing millions for hacks of newer phones, said Matthew Green, an associate professor at the Johns Hopkins Internet Security Institute.

Journalists and activists are most at risk for this kind of hack.

One form of a targetted hack works like this: Hackers exploit unknown flaws in the iOS programming that even its developers don’t yet know about. With this knowledge, hackers can install malware to get data from targetted sources.

“This is a very sophisticated set of hacks and oftentimes you won’t even know this happened to you,” Green said. “If it’s someone who is really sophisticated, they’ll send you an invisible text message and then your phone is going to be compromised for awhile.”

The bugs are known as “zero-day” exploits, corresponding with the fact that Apple will find out about a possible security issue in their software on the same day it’ll work to patch it. The minute the world knows, it’s only a matter of time before the hack is obsolete. That’s why these pricey hacks are often kept under wraps by the people, or governments, who purchase them, Green said.

Ways to protect yourself from an iPhone hack

iPhones can absolutely be hacked, but they’re safer than most Android phones.

Some budget Android smartphones may never receive an update, whereas Apple supports older iPhone models with software updates for years, maintaining their security. That’s why it’s important to update your iPhone.

Apps on the App Store are also vetted for malware (though there are questionable apps that go unnoticed).

However, if you’re considering “jailbreaking” your iPhone – removing the software restrictions imposed on iOS – you’re opening yourself up to potential vulnerabilities in the software because you’ve eliminated some of Apple’s existing security measures. It is possible to download incompatible spyware or malware apps on a jailbroken phone, and this is also how remote takeovers can occur with iPhones. A jailbroken phone should be avoided as it can dangerously allow malicious apps to go undetected.

If you backup your phone in iCloud, make sure to have a strong password. If someone gets ahold of your password, they don’t even need to hack your phone because they can download a backup from the cloud.

Cloud Storage
Hackers can access your information by downloading a backup from the cloud, which eliminates the need to jailbreak or get access to your phone.

Turning on Apple’s two factor authentication is another good way to stay safe and can prevent your iCloud account (Apple ID) from being hacked by requiring another step of verification.

Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University, said staying safe is all about “good digital hygiene.”

“Install apps from trustworthy sources and unless you know what you’re doing, you probably don’t want to jailbreak your phone,” Sekar said. “Be careful. Don’t click on attachments you don’t want to open and keep your phone up to date.”

How to tell if your iPhone has been hacked

You can’t always tell if your iPhone has been hacked, Sekar said. But you may notice a few things.

  • Your phone is unusually hot, or frequently dying.
  • Your phone is sluggish when trying to load websites.
  • The battery is draining even when you’re not touching your phone.

These symptoms indicate the phone is running all the time, even when you’re not using it. Sometimes, the best indicators come from the outside, such as when friends say they’re getting odd messages from you. However, the most sophisticated hacks can be somewhat invisible.

There’s no definite way to check for every type of hack. Experts told us that one reliable way to investigate is to download a mobile security app called iVerify, which scans your phone’s operating system for suspicious behavior and can also detect if your phone has been jailbroken.

What to do when your iPhone has been hacked

If you know your phone has been hacked, you have a few options depending on what happened.

For minor problems, like an app stealing your information, delete the app and update your software.

In serious cases, you’ll want to wipe your iPhone and restore it to factory settings. But even if you do that, it may note be completely clear if you’ve gotten rid of the malware installed on your phone – especially if it has been jailbroken.

Man iphone
If you suspect your phone has been hacked, sometimes the safest bet is to get a new phone, depending on the severity of the breach.

Finding an expert for inspection may be the best solution. Green from Johns Hopkins said your phone can’t always be cured.

“I hate to say this, but if you really, really need to be safe, get a new phone,” Green said. “If somebody actually gets on your phone, and it’s a really high barrier for iPhones, they can install stuff like keyloggers, which means every key press, every letter you type in is being sent to somebody. Until you’re sure that’s gone, you can’t be sure you have any privacy.”

If you can’t get a new phone right away, a hacked iPhone is likely not safe to use, so you’re best to leave it turned off.

How to factory reset your iPhone and wipe its data, whether you’re selling it or troubleshooting issuesWhat is cybersecurity? A guide to the methods used to protect computer systems and dataWhat is malware? Everything you need to know about malicious software and viruses, and how to protect your computerHow to diagnose and remove any virus from your iPhone

Read the original article on Business Insider