Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

AP Photo/Eugene Hoshiko
Security Alert

You should update your iPhone now to prevent hackers from hijacking it

By tapping one link, hackers could hijack your phone and install spyware on it without your knowledge.

A FLAW IN Apple’s iPhone software could allow someone to install spyware on a person’s device by getting them to tap on one link.

The security vulnerability was originally discovered by a human rights advocate, Ahmed Mansoor, who alerted security researchers to a number of text messages he had received.

After looking at them, they discovered three previously unknown flaws within iOS’ code which would allow someone to install software on an iPhone and control it remotely. Apple has released a software update, iOS 9.3.5, which fixes this problem, and has advised all users to download it.

The flaws were discovered by two security firms, Citizen Lab and Lookout, who said the texts contained links which, if tapped, would have jailbroken the phone.

Jailbreaking a phone removes the limitations phone software place on the user, meaning unauthorised software could have been installed on it.

The attackers try to bait the user to click on it by sending a message with a normal-looking URL. Once the user clicks on it, opens their web browser and lets the page load, hackers can then exploit the iOS vulnerabilities to jailbreak the device and install malware without the user’s knowledge.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab.

Lookout described the flaw as “sophisticated”, noting how it takes advantage of how integrated smartphones are in our lives.

iPhone Spyware Human rights activist Ahmed Mansoor who was the target of sophisticated spyware. AP Photo / Jon Gambrell AP Photo / Jon Gambrell / Jon Gambrell

“Pegasus is one of the most sophisticated pieces of surveillance and espionage software that Lookout has investigated,” it said. “It has a novel mechanism to install and hide itself and obtain persistence on the system”.

Once it is resident, it uses a number of ways to hide its communications and protect itself from discovery, and it hooks into a large number of the phone’s functions in order to gather data and intercept messages and calls.

It’s rare that Apple releases a second security update in the same month, but the seriousness of the flaws means it’s necessary. While the likelihood of an average user being targeted isn’t as high, installing the update is important in case the flaw is used by other hackers.

To do this, go to Settings > General > Software Update and follow the instructions.

Read: How racing with drones is like being a ‘very fast bird’ >

Read: This tiny robot octopus is powered by its own gas >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
17
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds