A flaw in Apple’s iPhone software could allow someone to install spyware on a person’s device by getting them to tap on one link.
The security vulnerability was originally discovered by a human rights advocate, Ahmed Mansoor, who alerted security researchers to a number of text messages he had received.
After examining the messages, the researchers discovered three previously unknown flaws in iOS’ code which would allow someone to install software on an iPhone and control it remotely. Apple has released a software update, iOS 9.3.5, which fixes this problem, and has advised all users to download it.
The flaws were discovered by two security firms, Citizen Lab and Lookout, who said the texts contained links which, if tapped, would have jailbroken the phone.
Jailbreaking a phone removes the limitations the phone’s software places on the user, meaning unauthorised software could have been installed on it.
The attackers try to bait the user into tapping the link by sending a message with a normal-looking URL. Once the user taps it, the web browser opens and the page loads, and the hackers can then exploit the iOS vulnerabilities to jailbreak the device and install malware without the user’s knowledge.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab.
Lookout described the flaw as “sophisticated”, noting how it takes advantage of how integrated smartphones are in our lives.
“Pegasus is one of the most sophisticated pieces of surveillance and espionage software that Lookout has investigated,” it said. “It has a novel mechanism to install and hide itself and obtain persistence on the system”.
Once it is resident, it uses a number of ways to hide its communications and protect itself from discovery, and it hooks into a large number of the phone’s functions in order to gather data and intercept messages and calls.
It’s rare that Apple releases a second security update in the same month, but the seriousness of the flaws means it’s necessary. While the likelihood of an average user being targeted is not high, installing the update is important in case the flaw is used by other hackers.
To do this, go to Settings > General > Software Update and follow the instructions.