Apple issues emergency software update after discovery of 'zero click' malware

Tuesday 14th September 2021 08:15 BST

The malware was found on the phone of an unidentified Saudi activist by Canadian internet security watchdog Citizen Lab.

It is the first time that a "zero-click" exploit - an exploit that allows an attacker to hack into the device without requiring the victim to click on anything, meaning they have no chance to catch the attack - has been caught and analysed.

The phone is thought to have been infected in February, although the researchers discovered the malicious code on 7 September and immediately alerted Apple.

Ivan Krstic, head of Apple security engineering and architecture, said: "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals."

"While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," he added.

Citizen Lab researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack, although it was "not necessarily" being attributed to the Saudi government.

In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime".

Citizen Lab has previously found evidence of zero-click malware being used to hack the phones of some journalists and other targets but Mr Marczak said this was the first time one had been captured "so we can find out how it works".

Security experts have said that the average user does not need to be too concerned, as such attacks tend to be highly targeted, but the exploit was still alarming.

Mr Marczak said that malicious files were put on the Saudi activist's phone via the iMessage app before the phone was hacked with NSO's Pegasus spyware.

This meant the phone was able to spy on its user, without them even knowing.

Citizen Lab researcher John Scott-Railton said: "Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority."

In July it was reported that NSO Group's spyware had been used to target journalists, political dissidents and human rights activists.

NSO Group says that its spyware is only used by governments to hack the mobile phones of terrorists and serious criminals, but a leaked list featuring more than 50,000 phone numbers of interest to the company's clients suggested that it is being used much more broadly.

More than 1,000 individuals in 50 countries were allegedly selected for potential surveillance - including 189 journalists and more than 600 politicians and government officials, according to Paris-based journalism non-profit Forbidden Stories and Amnesty International, as well as their media partners.

Mr Marczak said on Monday: "If Pegasus was only being used against criminals and terrorists, we never would have found this stuff."

It has also been reported that the FBI is investigating NSO Group, and Israel has set up a senior inter-ministerial team to examine the allegations surrounding how the spyware is being used.

Now On Air
The Bluesub Show
Peter and Producer Timbo chat musicals, movies and more, with a soundtrack spanning the latest hits, each Sunday from 4pm to 6pm.