CYBER tinkerers have discovered a new iMessage bug that has been used to hack into people’s iPhones.
According to a Toronto-based research lab, attackers exploited the flaw to infect iPhones with military-grade spyware Pegasus.
Pegasus allows users to film, record conversations, listen to calls and send messages through their device’s camera.
Versions of it have been used by government agencies to attack politicians, journalists and even Boris Johnson’s computer network.
A newly discovered exploit that secretly installed Pegasus on iPhones has been uncovered by Citizen Lab, a digital research organization based at the University of Toronto.
It was used on iPhones owned by Catalan politicians, journalists and activists in late 2019 and early 2020.
In a blog post on Sunday, researchers explained that the previously unknown iOS vulnerability called HOMAGE affects some versions earlier than iOS 13.2.
The current iOS version is 15.4. Any iPhone user with iOS version newer than 13.2 is safe from the exploit after Apple patched the issue.
“Among the Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3,” Citizen Lab said.
“It’s possible that the exploit was fixed in iOS 13.2.
Most Read in Phones & Gizmos
“We are not aware of any zero-day, zero-click exploits used against Catalan targets after iOS 13.1.3 and before iOS 13.5.1.”
The victims of the attacks include Catalan Members of the European Parliament (MEPs) and all Catalan Presidents since 2010.
The research lab also listed Catalan legislators, lawyers, journalists and members of civil society organizations and their families.
Citizen Lab said it provided information to Apple to help the iPhone maker investigate the source of the attacks.
“At this time, Citizen Lab cannot positively link these hacking operations to any particular government,” added Citizen Lab.
“However, a number of indicators point to a strong link with one or more bodies within the Spanish government.”
PEGASUS BEATS DOWNING ST
It follows the weekend’s revelation that Boris Johnson’s computer network had been attacked by Pegasus in a surprise security breach.
Citizen Lab claimed the software was discovered on July 7, 2020 on a device using Number 10’s network.
They said a similar violation also happened at the Foreign Office.
Hackers have been linked to the United Arab Emirates, India, Cyprus and Jordan New Yorker investigation claimed.
Several Downing Street devices were tested – including Mr Johnson’s – but officials were unable to determine which device was infected, it added.
Scientists aren’t sure what data hackers might have accessed — but they suspect information was stolen.
Senior researcher at Citizen Lab John Scott-Railton said his “jaw dropped” when he uncovered the cyberattack.
He said the UK was “spectacularly burned” after “underestimating the threat Pegasus“.
Scientists suspected that the software could have been installed on devices abroad “with someone else’s SIM card”.
A government spokesman said they would not comment on security issues.
WHAT IS PEGASUS?
Pegasus is military software that can be secretly uploaded to a smartphone or device and has been on the market since 2016.
It was designed by the Israeli company NSO Group – also called Q Cyber Technologies.
The spyware can film you through your phone camera, listen to calls and send messages.
Scientists also fear it can be used to determine where someone is and who they have met.
It is known to target both Apple and Android devices.
Pegasus – which avoids detection by antivirus software – used to be installed on smartphones by asking victims to click on a link.
But a newer version of the spyware can be loaded onto a phone without the user having to tap anything.
- Read the latest phone and gadget news
- Stay up to date on Apple stories
- Get the latest on Facebook, WhatsApp and Instagram
The best tips and hacks for phones and gadgets
Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at email@example.com
https://www.thesun.ie/tech/8672900/apple-warning-iphone-attack-hacks-single-click/ Devastating iPhone attack that hacks you without a single click revealed by cyber experts