Apple has released a software update to combat "zero-click" spyware that could affect iPhone and iPad devices. Independent investigators say a security breach was exploited by infamous surveillance software to spy on a Saudi activist.
Researchers from the Citizen Lab at the University of Toronto say the malware has been used to develop Pegasus, a spyware developed by the Israeli company NSO Group. The software is said to have been used to monitor journalists and human rights advocates in many countries.
Apple's emergency release on Monday closes a security loophole that allows hackers to access devices through the iMessage platform, even if users do not click on a link or file. The Saudi activist chose to remain anonymous, the Citizen Lab said.
Apple has credited Citizen Lab researchers for finding the vulnerability.
"Attacks like these are highly sophisticated, cost millions of dollars to develop, are often short-lived, and are used to target specific individuals," said Ivan Krstick, Apple's head of Security Engineering and Architecture.
The head said that Apple quickly addressed the issue with a software fix and that the vulnerability "does not pose a threat to the vast majority of our users." However, security experts have encouraged users to update their mobile devices for protection.
In a statement, the NSO Group said it would "continue to provide life-saving technologies to fight terrorism and crime around the world with intelligence and law enforcement services."
The company has previously stated that its software is sold only to controlled customers for counter-terrorism and law enforcement purposes. Investigators, however, say they have found many cases in which spyware was developed on dissidents or journalists. In 2019, Citizen Lab analysts claimed that Pegasus was used on the cell phone of the wife of a murdered Mexican journalist.
In a lawsuit filed in 2019, Facebook accused the NSO group of trying to infect about 1.400 malware devices in an attempt to steal sensitive information from WhatsApp users. The NSO Group then disputed the allegations.
Easy-to-use cell phone hacking tools enable governments around the world to target their opponents. Sophisticated spyware developed by NSO Group and other vendors is said to have been used from Uzbekistan to Morocco.
The spyware outbreak prompted a group of United Nations human rights experts in August to call for a moratorium on the sale of such surveillance tools. The UN commission said the ban should remain in place until governments "enforce strong regulations guaranteeing its use in accordance with international human rights standards".
Source: ertnews.gr