NewsBite

Researchers find new Pegasus spyware hack targeting iMessage on Saudi activist’s iPhone

Hackers are targeting messaging apps to get spyware onto phones, cyber security researchers have warned. And you don’t even have to answer the call.

The hacking of a Saudi activist’s iPhone has hammered home the point that messaging applications are becoming the easiest way to steal information.

It means something as simple as an iMessage or WhatsApp call – even if the person doesn’t answer – is all it takes to infiltrate a device.

Apple has issued an update that will close the loophole in iMessage, but there is still concern over the ease of hacking through messaging software.

This latest piece of cyber security research was published by Citizen Lab, a Canadian cyberspace and security think tank, after the phone belonging to the activist – who asked not to be named – was hacked through the use of the Pegasus surveillance tool.

Pegasus – created by NSO Group, a global cyber security organisation based in Israel – is the world’s most powerful spyware tool.

People don’t even have to answer a messaging app call for their device to become infected.

Earlier versions of Pegasus used spear-phishing – targeted emails used to deploy malicious software. But it is now capable of so-called “zero-click” attacks, where the user doesn’t need to click on anything for the hack to take place.

Once that has happened, spyware can then turn the phone into a spy device, recording from its cameras and microphones and sending location data, messages, call logs and emails back to NSO’s client.

It shows just how easy it is now for hackers to get into a person’s phone.

A simple call on a messaging app can infect devices with malicious code – even if the target doesn’t answer the call.

Citizen Lab researcher John Scott-Railton told The Washington Post the hack on the Saudi activist’s phone showed that messaging applications were the weak link.

“Chat programs are quickly becoming a soft underbelly of device security,” he told the publication.

The hacking method can be used on Apple iPhones, MacBooks and Watches.

The researchers said the hacking technique, which they called Forcedentry, has been in use since at least February and can infect iPhones, MacBooks and Apple Watches.

Pegasus has previously been the focus of investigations by cyber experts and journalists.

The program had been found to be used to target political dissidents, business leaders, journalists and human rights activists.

The latest finding is expected to heap pressure on the Israeli government, which has previously said it will investigate NSO Group.

Originally published as Researchers find new Pegasus spyware hack targeting iMessage on Saudi activist’s iPhone

Original URL: https://www.dailytelegraph.com.au/technology/researchers-find-new-pegasus-spyware-hack-targeting-imessage-on-saudi-activists-iphone/news-story/dc5ed151272805b8a2eb62e7b5f332d6