The industry came under a global spotlight when the Israeli surveillance firm NSO’s Pegasus spyware was in recent years found to have been used by multiple governments to spy on journalists, activists, and dissidents.
Anti-surveillance activists accuse them of aiding governments that in some cases use such tools to crack down on human rights and civil rights. The global industry making spyware for governments has been growing, with more companies developing interception tools for law enforcement.
Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware, known as Hermit. “RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” it told Reuters in an email, adding it condemned any abuse of its products. RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign. The governments of Italy and Kazakhstan did not immediately respond to requests for comment. “These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” Google said.
If you haven't yet updated your Apple devices this week, you should check for the update and run it as soon as possible. European and American regulators have been weighing potential new rules over the sale and import of spyware.
Apple's head of security, Ivan Krstić, said: 'Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.' Older Macs running Catalina and Mojave will receive updates to Safari version 14.1.2.
The phones of activists in Bahrain, French journalists, and an adviser to Dubai's Princess Latifa, who was recaptured in 2018 on a yacht on the Indian Ocean after fleeing the emirate, are among those whose phones are said to have been compromised by Pegasus spyware. A patch for the vulnerability was pushed out on 13 September 2021 by Apple, which updates iPhones to iOS 14.8, and iPads to iPadOS 14.8. Apple Watches are updated to watchOS 7.6.2, while Macs running the current Big Sur version of macOS are updated to Big Sur 11.6. NSO Group says its products are meant to be used only to target criminals by licensed law enforcement bodies, but Pegasus is known to have been used in the past to target dissidents, journalists and human rights activists. The exploit in this case, called 'FORCEDENTRY', was found when the researchers analysed an iPhone belonging to a Saudi dissident, whose phone was hacked when they were sent image files containing the spyware via iMessage. Citizen Lab said that FORCEDENTRY is the latest in a string of zero-click exploits linked to NSO Group, an Israeli company best known for its Pegasus spyware.
It means they can silently snoop on the target without them having any clue their device has been compromised. Spyware that can be installed without the phone's owner doing anything at all is highly prized by law enforcement, criminals and some governments. While it's very unlikely that ordinary users' Apple devices will be targeted by Pegasus spyware, the vulnerability the researchers found has worried security experts. Once the spyware is on a device, the attackers can silently copy and steal the messages sent and received on the phone, use the camera to secretly film the phone's owner, and eavesdrop via the microphone.
Once the infected files - in this case, PDF documents disguised as GIFs - are on a device, Pegasus spyware is silently installed. It allows attackers to deploy what's called a 'zero-click exploit' that can run silently without the owner of the device having to click on a suspect link or open a document. The security flaw was discovered by cybersecurity researchers Citizen Lab, based in Toronto. How does the vulnerability put Apple users at risk?