iPhone users urged to update to IOS 9.3.5 after hack threat
Apple iPhone users are being urged to update their handsets after a private cyberarms dealer found a way to hack the iPhone with sophisticated malware.
The Isreal-based NSO group developed the ‘world first’ malware, which exploited three previously unknown iOS vulnerabilities.
NSO Group’s software effectively transforms the phone into a surveillance device, tracking its movements, logging messages and downloading personal data.
It also allowed hackers access to their passwords and could record sounds.
Apple quickly moved to patch the insecurities, and is advising all users to update their iPhones.
We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5, through an Apple spokesperson.
Rockingham IT Solutions are advising all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.
The majority of iPhone users are currently using iOS 9, though anyone who has updated to the iOS 10 beta is safe, Apple says. All users should update their iPhones to at least 9.3.5
To update your iPhone, plug your device into power and connect to the internet with Wi-Fi. Then tap Settings, General, then Software Update.
The malware was detailed in a report from Citizen Lab and Lookout security, and Lookout vice president of research Mike Murray said the NSO software, called Pegasus, is “the most professional piece of spyware that I’ve ever seen.”
He told The Wall Street Journal the software operates stealthily, ensuring that it doesn’t quickly drain the battery and speeding up its data transfer when it is on Wi-Fi networks so that it doesn’t get noticed.
NSO has billed itself as a leader in the field of cyberwarfare, offering tools for governments to keep tabs on criminals and terrorists who use encrypted communications. The company has been thought to be capable of installing unauthorised software on Android, BlackBerry and iPhone devices, but Thursday’s report provides the first in-depth look at its capabilities.
“We’re a complete ghost,” NSO co-founder Omri Lavie told Defense News in a 2013 interview. “We’re totally transparent to the target, and we leave no traces.”
Researchers highlighted the unusual way that Pegasus is installed on a phone, taking advantage of the three flaws in iOS to silently “jailbreak” the phone and circumvent the requirement that only Apple-approved software runs on the device.
This type of one-click iPhone attack previously has been described by researchers but never been seen in a real-world attack, Lookout’s Mr Murray said.