Pegasus Spyware Illustrates Importance of Updating iOS Devices
Earlier this week, Apple released iOS 15. The new operating system arrived only a week after the tech giant rolled out iOS 14.8 and other updates for their devices to counter an aggressive new spyware called “Pegasus.” The new spyware, discovered earlier this week, can hack into iOS devices using a dangerous “zero-click” method.
This means that, unlike other malware, the Pegasus virus can infect your phone by sending an image via iMessage. At that point, all it takes is opening the message. You don’t even have to click on the image for the hackers to get in! Pegasus does this by sending a malicious PDF that imitates an image or GIF. But within the PDF is code that bypasses the outdated device’s security firewall and infects the device.
Developed by NSO Group, a self-proclaimed “security” company that sells spyware and surveillance software to various organizations and governments around the world, the Pegasus app works by exploiting a bug in the way iOS devices process PDF files in iMessage. Because of the way it operates, Citizen Lab gave it the nickname “ForcedEntry.”
It was first discovered on a Saudi activist’s phone by Citizen Lab, a public interest cybersecurity group, and has since been found on devices belonging to other activists and journalists. It is believed to have been employed by a wide range of perpetrators, from drug cartels to authoritarian governments.
A particularly alarming aspect of this virus is that infected users have no way of immediately knowing if their device has been compromised. And, while Apple asserts that the majority of Apple users will likely never encounter this malware themselves, it serves as an important reminder that keeping your devices updated isn’t only important for usability, but security as well.
Want to stay up to date with Information Security news and learn more about our continued efforts to keep you safe? Check us out at our website and keep an eye out for emails labeled “Security Update” for urgent messages about information security.
Sources: Mashable, CNET, Ars Technica