Apple iPhones can be hacked even if the user never clicks on a link, says Amnesty International
iPhone 12 Mini and iPhone 12 Pro Max.
Todd Haselton | CNBC
According to a report published by Amnesty International on Sunday, hacking software can compromise Apple iPhones and steal their sensitive data without the phone’s owner having to click on a link.
Amnesty International said it had found iPhones belonging to journalists and human rights lawyers infected with NSO Group’s Pegasus malware, which can give the attacker access to messages, emails and the phone’s microphone and camera.
The revelations show that governments using NSO Group software have been able to successfully hack iPhones to spy on user data using unknown methods, and that keeping an iPhone up to date can’t stop a dedicated attacker who is using expensive and secret spy software.
The nature of the attacks also suggests that changing user behavior, such as avoiding clicking on unknown or phishing links in messages, cannot protect iPhone users against NSO software. Amnesty International said that past versions of Pegasus required the user to click on a malicious link in a message.
NSO Group is an Israeli firm that says it sells to vetted government agencies and law enforcement agencies to crack down on terrorism, car bombings and sex trafficking cases.
Amnesty International found evidence of a hack on an iPhone 12, the latest iPhone model, running iOS 14.6, which was the latest software before Monday. Apple updated its software to iOS 14.7 on Monday but has not yet released security details that may indicate whether it has fixed the exploits identified by Amnesty International.
Amnesty International obtained a leaked list of 50,000 phone numbers associated with NSO Group’s spy software. It found evidence that Android devices were also targeted by NSO Group software, but it did not examine those devices in the same way as the iPhones.
“Apple unequivocally condemns cybersecurity operations against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree that the iPhone is the most secure consumer mobile device on the market,” said Ivan Krstić, head of security engineering and architecture at Apple.
Apple’s iPhone software updates can fix exploits
Security experts say the most effective way to prevent malware is to keep devices updated with the latest software, but that requires identifying which bugs the attackers are using. If the bugs are “0days,” as NSO Group has been accused of using, it means that Apple has not yet been able to fix the exploits.
Once Apple fixes the exploit, it is no longer a 0day, and users can protect themselves by updating to the latest version of the operating system.
Apple said NSO Group’s software could stop working or lose the ability to target the latest phones as soon as Apple fixes the exploits.
“Attacks like these are extremely sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. That means they are our customers. We’re working hard to protect all of our customers, and we’re constantly adding new tools and data to our security,” Krstić said.
iPhone privacy has been an important marketing strategy
Apple has made security and privacy a key strategy, arguing that its control over the operating system and the hardware that powers it allows Apple to provide a higher level of security and privacy than devices developed by competitors.
Apple said its security team is four times larger than it was five years ago and that employees work to improve device security as soon as new threats are reported. Apple publishes the security fixes in each software update on its website, cataloging them with industry-standard “CVE” numbers and crediting the security researchers who find them.
Amnesty International reports that NSO Group’s software does not stay on a phone when it is restarted, and that it is difficult to confirm that a device has been infected. It also suggests that users who are worried about being targeted may want to restart their devices regularly.
Amnesty International said it had worked with international media groups to publish details of a handful of the phone numbers and the specific circumstances under which they were targeted by NSO software. According to the Washington Post, some US phone numbers were on the list, but it is unclear whether they were hacked.
A spokesman for the NSO Group said the company would investigate all allegations of abuse.
“We want to emphasize that the NSO sells its techniques to law enforcement and intelligence agencies of law enforcement governments for the sole purpose of saving lives through crime and terrorism prevention. The NSO does not operate the system and has no access to data,” an NSO spokesman said.
Other technology companies consider NSO Group’s business unacceptable and a threat to the safety of their customers. Last year, WhatsApp, a subsidiary of Facebook, sued NSO Group for allegedly hacking WhatsApp. In a court filing made in December as part of the case, third parties, including Microsoft, Google, Cisco and others, said NSO Group violated US law and did not deserve an exemption because it sells to foreign governments.