Apple requests security update after disclosure of new iMessage flaw


Apple on Monday advised all users to update their devices after researchers warned that Israeli spyware company NSO Group has developed a way to take control of almost any Apple computer, watch, or iPhone.

“It’s absolutely terrifying,” said John Scott-Railton, senior researcher at Citizen Lab, who recently discovered the software exploit and told Apple about it. The group released a report on the matter on Monday.

The malware takes control of an Apple device by first sending a message through iMessage, the company’s default messaging app, and then exploiting a flaw in how Apple processes images. This is known in the cybersecurity industry as a “zero click” exploit – a particularly dangerous and pernicious flaw that does not require a victim to click a link or download a file for the attacker to take over the device.

The people whose devices have been exploited are extremely unlikely to realize they have been hacked, Scott-Railton said.

“User sees crickets while their iPhone is operated silently,” he said. “Someone sends you a GIF that isn’t, and then you’re in trouble. That’s it. You don’t see anything.”

NSO Group creates surveillance and hacking software that it rents to governments to spy on individuals’ computers and smartphones. For years, it has insisted that its main product, Pegasus, is a vital tool in stopping terrorists and other criminals, and that it is simply leasing its technology to legitimate governments in accordance with their own laws. It has also insisted that Pegasus cannot be used to target Americans’ phones and that it revokes use by countries that abuse its products.

But Citizen Lab, a cybersecurity research center at the University of Toronto, has repeatedly found cases of Pegasus software being used against journalists in Mexico investigating cartels and against Saudi dissidents, including associates of the murdered Washington Post columnist Jamal Khashoggi.

A spokesperson for NSO Group did not immediately return a request for comment.

While Pegasus isn’t known to monitor large numbers of people, governments often use it to target individuals who don’t appear to be violent criminals, said Bill Marczak, senior researcher at Citizen Lab. Citizen Lab could only identify this exploit because it was examining the phone of a Saudi dissident who has so far not given permission to share his name with the public, he said.

“In this case, it is quite clear that this person was targeted for being an activist and not for some other reason,” Marczak noted.

Apple did not immediately return a request for comment but did release technical notes with a new software update available on Monday that fixed the flaws identified by Citizen Lab. The company noted that “this issue may have been actively exploited.”

Updating to the latest version of iOS or macOS will prevent users from being newly infected with this particular exploit, Scott-Railton said.

“This will prevent you from getting infected with this exploit in the future,” he said. “But what we do know is that NSO is always trying to find other ways to infect people’s phones, and they may look to something else.”