A general misconception that drives cybersecurity experts like me insane is that Apple products are “safe.” By “safe,” I mean less susceptible to being hacked, or even completely immune to it. This is patently false, as Apple has yet again proven via their latest patch update. Given the name “Trident” by researchers at Citizen Lab and Lookout, these iOS zero-day vulnerabilities (CVE-2016-4655, CVE-2016-4656, and CVE-2016-4657) could allow an attacker to remotely jailbreak a mobile phone and covertly install complex spyware.
The spyware in question is called Pegasus, which was discovered when “attackers targeted a human rights defender with mobile spyware, providing evidence that governments digitally harass perceived enemies, including activists, journalists, and human rights workers.” The human rights defender in question is Ahmed Mansoor, who noticed his phone was infected when he “received text messages promising ‘secrets’ about detainees tortured in UAE jails if he clicked on an included link.”
The Pegasus spyware is linked to an Israeli tech organization called NSO Group, which wasn’t well-known among cyber-warfare experts until now. Pegasus is particularly dangerous because, as Lookout researchers point out, it is “highly advanced in its use of zero-days, obfuscation, encryption, and kernel-level exploitation.” This is likely not the last time that Pegasus will be used, as it may be upgraded in the future to circumvent patches like those released by Apple.
Apple is strongly urging all iOS users to make certain that all updates are installed. To check, go to “Settings > General > About > Version” and ensure you are running the most up-to-date version on your phone. Even though you may not be a human rights activist with many enemies, you are still susceptible to Pegasus if you have not patched your Trident vulnerabilities. It is not uncommon for spyware and the like to get passed around the Darknet and wind up in cyber-criminals’ hands.
Nothing is ‘unhackable’
There are two major lessons to be learned from the Trident zero-days. The first is that there is never a truly unhackable product, and the fact that people continue to believe otherwise is a major concern. The second lesson is that the cyber war is escalating to attacks against activists and journalists, rather than just nation-states.
Sooner or later we will all be involved in the cyber battlefield, whether we’re ready or not.