NewsBite

Researchers find new Pegasus spyware hack targeting iMessage on Saudi activist’s iPhone

Hackers are targeting messaging apps to get spyware onto phones, cyber security researchers have warned. And you don’t even have to answer the call.

Alan Tudge criticises draft changes to the national curriculum (Triple J Hack)

The hacking of a Saudi activist’s iPhone has hammered home the point that messaging applications are becoming the easiest way to steal information.

It means something as simple as an iMessage or WhatsApp call – even if the person doesn’t answer – is all it takes to infiltrate a device.

Apple has issued an update that will close the loophole in iMessage, but there is still concern over the ease of hacking through messaging software.

This latest piece of cyber security research was published by Citizen Lab, a Canadian cyberspace and security think tank, after the phone belonging to the activist – who asked not to be named – was hacked through the use of the Pegasus surveillance tool.

Pegasus – created by NSO Group, a global cyber security organisation based in Israel – is the world’s most powerful spyware tool.

People don’t even have to answer a messaging app call for their device to become infected.
People don’t even have to answer a messaging app call for their device to become infected.

Earlier versions of Pegasus used spear-phishing – targeted emails used to deploy malicious software. But it is now capable of so-called “zero-click” attacks, where the user doesn’t need to click on anything for the hack to take place.

Once that has happened, spyware can then turn the phone into a spy device, recording from its cameras and microphones and sending location data, messages, call logs and emails back to NSO’s client.

It shows just how easy it is now for hackers to get into a person’s phone.

A simple call on a messaging app can infect devices with malicious code – even if the target doesn’t answer the call.

Citizen Lab researcher John Scott-Railton told The Washington Post the hack on the Saudi activist’s phone showed that messaging applications were the weak link.

“Chat programs are quickly becoming a soft underbelly of device security,” he told the publication.

The hacking method can be used on Apple iPhones, MacBooks and Watches.
The hacking method can be used on Apple iPhones, MacBooks and Watches.

The researchers said the hacking technique, which they called Forcedentry, has been in use since at least February and can infect iPhones, MacBooks and Apple Watches.

Pegasus has previously been the focus of investigations by cyber experts and journalists.

The program had been found to be used to target political dissidents, business leaders, journalists and human rights activists.

The latest finding is expected to heap pressure on the Israeli government who have previously said they will investigate NSO Group.

Read related topics:Apple

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.news.com.au/technology/online/hacking/researchers-find-new-pegasus-spyware-hack-targeting-imessage-on-saudi-activists-iphone/news-story/dc5ed151272805b8a2eb62e7b5f332d6