Sept 13 (Reuters) – A cyber surveillance company based in Israel developed a tool to break into Apple (AAPL.O) iPhones with a never-before-seen technique that has been in use since February, internet security watchdog group Citizen Lab said on Monday.
The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on Monday.
The vulnerability developed by the Israeli firm, named NSO Group, defeats security systems designed by Apple in recent years.
Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding. An Apple spokesperson declined to comment regarding whether the hacking technique came from NSO Group.
An NSO spokesperson did not immediately respond to a request for comment.
Citizen Lab said it found the malware on the phone of an unnamed Saudi activist and that the phone had been infected with spyware in February. It is unknown how many other users may have been infected.
The intended targets would not have to click on anything for the attack to work. Researchers said they did not believe there would be any visible indication that a hack had occurred.
The vulnerability lies in how iMessage automatically renders images. IMessage has been repeatedly targeted by NSO and other cyber arms dealers, prompting Apple to update its architecture. But that upgrade has not fully protected the system.
“Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority,” said Citizen Lab researcher John Scott-Railton.
The U.S. Cybersecurity and Infrastructure Security Agency had no immediate comment.
Citizen Lab said multiple details in the malware overlapped with prior attacks by NSO, including some that were never publicly reported. One process within the hack’s code was named "setframed," the same name given in a 2020 infection of a device used by a journalists at Al Jazeera, the researchers found.
"The security of devices is increasingly challenged by attackers," said Citizen Lab researcher Bill Marczak.
A record number of previously unknown attack methods, which can be sold for $1 million or more, have been revealed this year. The attacks are labeled “zero-day” because software companies had zero days’ notice of the problem.
Along with a surge in ransomware attacks against critical infrastructure, the explosion in such attacks has stoked a new focus on cybersecurity in the White House as well as renewed calls for regulation and international agreements to rein in malicious hacking.
As previously reported, the FBI has been investigating NSO, and Israel has set up a senior inter-ministerial team to assess allegations that its spyware has been abused on a global scale.
Our Standards: The Thomson Reuters Trust Principles.
- Private I: A Slice of Apple: Users with Old iOS Versions
- New Apple TV runs on iOS 4.2 and can be jailbroken
- Apple Announces New iPods, iTunes 10, iOS 4.1, and a New Apple TV
- Apple iPhone X delivery times stretch out for weeks after pre-order blitz
- Tech Talk: The Equifax data breach, a new Apple Watch and A.I. for all
- DHS warns of Chinese infrastructure software vulnerabilities
- Lenovo issues update fixing software vulnerabilities on many of its computers
- Mac Security Expert Identifies iPhone SMS Vulnerability
- Apple Quickly Patches iPhone SMS Vulnerability
- Comments for : Users complain about bugs and lags in iOS 9, all iPhone generations apparently affected
- Apple iPhone 7 vs Samsung Galaxy S7: Which flagship is best?
- Apple iPhone 6 vs Samsung Galaxy S5: in-depth specs comparison
- The evolution of Apple iPhone: a visual history
- Here’s everything new Apple showed off at Monday’s event
- Apple iPhone SE2: Rumours, specs and everything else you need to know
- Comments for : Apple iPhone 4 doubles the operating memory of its predecessor to 512MB
- Israeli tech firm Cellebrite says it can unlock most Apple iPhone models
- The "New" Apple
- Best new Android, iPhone, and Windows Phone games of December 2014
- Apple Expected to Announce Apple iPhone HD Monday
Cyber arms dealer exploits new Apple iPhone software vulnerability; affects most versions - researchers have 658 words, post on www.reuters.com at September 13, 2021. This is cached page on Europe Breaking News. If you want remove this page, please contact us.