Israeli cyberspying firm hacks iPhones, exposes its vulnerability; Report 

By Arya M Nair, Intern Reporter
  • Follow author on
iPhone Hack image
Representational image

An Israeli cyberspying firm developed a program to hack Apple iPhones using a unique technique that has been in use since at least February, according to Canada-based Citizen Lab, an internet security watchdog group.

The revelation is significant because of the serious nature of the vulnerability, which requires no user involvement and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated recently. The program developed by NSO Group, an Israeli company, defeats security mechanisms created by Apple in recent years.

According to reports, NSO did not acknowledge or deny involvement in the technique, instead stated that it will continue to provide life-saving technologies to intelligence and law enforcement organizations around the world in the fight against terrorism and crime.

Ivan Krstić image
Ivan Krstic
Head of Security Engineering & Architecture
Apple

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

The vulnerability lies in how iMessage automatically renders images. NSO and other cyber arms dealers have frequently targeted iMessage, causing Apple to change its design. However, the system has not been entirely safeguarded as a result of the upgrade. 

Citizen Lab said multiple details in the malware overlapped with prior attacks by NSO, including some that were never publicly reported. One process within the hack’s code was named “set framed,” the same name given in a 2020 infection of a device used by a journalist at Al Jazeera, the researchers found.

The rise in ransomware attacks on key infrastructure has sparked a new focus on cybersecurity in organizations, as well as renewed calls for regulation and international agreements to combat malicious hacking.

A record number of previously unknown attack methods, which can be sold for $1 million or more, have been revealed this year. The attacks are known as “zero-day” as software companies were given no advanced notice of the problem.

Related: Apple to take more time for its child safety feature launch

YOU MAY LIKE