Researchers find new Pegasus spyware hack targeting iMessage on Saudi activist’s iPhone
Hackers are targeting messaging apps to get spyware onto phones, cyber security researchers have warned. And you don’t even have to answer the call.
The hacking of a Saudi activist’s iPhone has hammered home the point that messaging applications are becoming the easiest way to steal information.
It means something as simple as an iMessage or WhatsApp call – even if the person doesn’t answer – is all it takes to infiltrate a device.
Apple has issued an update that will close the loophole in iMessage, but there is still concern over the ease of hacking through messaging software.
This latest piece of cyber security research was published by Citizen Lab, a Canadian cyberspace and security think tank, after the phone belonging to the activist – who asked not to be named – was hacked through the use of the Pegasus surveillance tool.
Pegasus – created by NSO Group, a global cyber security organisation based in Israel – is the world’s most powerful spyware tool.
Earlier versions of Pegasus used spear-phishing – targeted emails used to deploy malicious software. But it is now capable of so-called “zero-click” attacks, where the user doesn’t need to click on anything for the hack to take place.
Once that has happened, spyware can then turn the phone into a spy device, recording from its cameras and microphones and sending location data, messages, call logs and emails back to NSO’s client.
It shows just how easy it is now for hackers to get into a person’s phone.
A simple call on a messaging app can infect devices with malicious code – even if the target doesn’t answer the call.
Citizen Lab researcher John Scott-Railton told The Washington Post the hack on the Saudi activist’s phone showed that messaging applications were the weak link.
“Chat programs are quickly becoming a soft underbelly of device security,” he told the publication.
The researchers said the hacking technique, which they called Forcedentry, has been in use since at least February and can infect iPhones, MacBooks and Apple Watches.
More Coverage
Pegasus has previously been the focus of investigations by cyber experts and journalists.
The program had been found to be used to target political dissidents, business leaders, journalists and human rights activists.
The latest finding is expected to heap pressure on the Israeli government who have previously said they will investigate NSO Group.