The Stealthy iPhone Hacks That Apple Still Can't Stop - Wired
( August 25, 2021; Wired )
IT'S A SHOCKING revelation: The Bahraini government allegedly purchased and deployed sophisticated malware against human rights activists, including spyware that required no interaction from the victim—no clicked links, no permissions granted—to take hold on their iPhones. But as disturbing as this week's report from the University of Toronto's Citizen Lab may be, it's also increasingly familiar.
These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple's iMessage service to execute them. Security researchers say the company's efforts to resolve the issue haven't been working—and that there are other steps the company could take to protect its most at-risk users.
This is the nightmare scenario. The iMessage application can't be deleted from the phone, and the user doesn't have to open a message or click on a link to be compromised. To date, these zero-click attacks are rare, and typically reserved for the highest profile targets. Apple pushed to limit the iMessage risk with the use of BlastDoor, a quarantine environment for iMessage in its most recent, iOS 14 release, but this latest exploit shows that the problem still isn't fully solved.
The latest attack is referred to as Megaladon by Amnesty International or Forced Entry by Citizen Labs. At the time Wired published this source article, Apple had not yet issued a fix.
Read the rest from : The Stealthy iPhone Hacks That Apple Still Can't Stop
-h/t Bruce Schneier
Check the #penny4thoughts tag to find other active conversations.
Have you forgotten why the US stopped importing or relying on China for its microchips?
Oh, right, that's a good point. Thanks!
I think that threat was mostly directed at government and large business servers instead of retail consumers, but you're right, that it was also zero-click.
The exploit is iMessage, Not SMS. SMS messages don’t preload links. I recon you still have to actively click on SMS links for those exploits to work. In that case, iMessage should just not work for unknown contacts. It should fall back to SMS.
Good point. I'm not familiar with iMessage, so I don't know how much of a change that would be. For high profile targets, a close contact could always be bribed or coerced into launching an attack anyway, but at least it would reduce the risk.
Zero-click attacks on the development of the cyber security world are increasing at an unusual pace. We apply far more sophisticated tactics than the cyber attacks we see daily. There are solutions to the problem as well. Hopefully the technologists will come up with a permanent solution to stop it very soon.
Agreed. It has always been a "cat and mouse" game between attackers and defenders. One vulnerability gets fixed and another gets discovered... ; -)
This is the most dangerous spyware I heard ever. The don’t need any permission or click link from us still they can hack our Iphone. It has become risky to use iphone.
The article does mention that zero-click attacks can also happen on other platforms, but you're right, it is very dangerous. Also, the fact that they don't let you delete or disable the iMessenger application makes it even riskier.
This backdoor could put the security of the numerous iOS device users and the reputation of Apple inc. at risk. They should try recruiting other cyber security experts and software engineers specially for this cause.
It was very bad news for Apple because most of the Iphone users will leave it and shift to another smartphone if the face this problem.
At present many people have been affected in their privacy, people like me, ordinary people, obviously the powerful are the target to follow, but no one is free from this problem that service providers must address, they would be the most affected by lose your customers.
I wish you a good day
The iPhone cannot be hacked, it has been proven wrong. Especially, there is no reason to think so when it comes to Pegasus spyware. Because Pegasus spyware can easily hack all the systems of the phone including the data and call logs in the iPhone. With ‘Zero click iMessage’, hackers can easily get this spyware into updated iPhones. Through which all the information from the iphone goes to the hackers easily at moment.
I have never seen that, it really is surprising and dangerous, I hope that this malware was not created by Apple's competition to create a bad reputation for their products.
The article says it was created by the NSO group.
When we are young we used to heard about Iphone is the most secure phone. But as we are more into technology things are changing