Friday, August 26, 2016

Beware of this spy software for iPhones! – Computer Week

A newly discovered spy software to get an up to now unprecedented access to iPhones and other Apple devices. IT security firm Lookout According to the program could read along, among other messages and emails, track calls, tap passwords, record audio and track the location of the user thanks to three previously unknown software vulnerabilities. According to the findings of experts, the program has also been used against human rights defenders and journalists. Apple stuffed the vulnerabilities in the iPhone iOS system on Thursday – about two weeks after the first suspicion.

It is unprecedented that a software to monitor iPhones could be with such capabilities, which are usually attributed only intelligence, discovered and analyzed. According to the experts behind the program a company from Israel, which was acquired by a financial investor and was regarded as a sort of cyber arms dealer.

“most sophisticated terminal attack”

Situated Flew was the malicious program as a well-known human rights activist from the UAE suspected in a message with a link to the alleged information about torture of detainees in the have drawn the country, it said. Instead of clicking the link, Ahmed Mansur had turned the security researchers. They gave the discovered surveillance program named “Pegasus”

& quot; Pegasus & quot;  compromised million iPhones - Apple fanboys and  cowgirls should. updated quickly.
“Pegasus” endangered million iPhones – Apple fanboys and cowgirls should update quickly
Photo: simone Mescolini –

“Pegasus is the most sophisticated attack that we have ever seen on a terminal,” summed Lookout. The program benefit from the fact that mobile devices are deeply integrated into everyday life. In addition, they combined a variety of information such as passwords, photos, emails, contact lists, GPS location data. The spy software is modular and go for encryption to evade detection. Lookout lets iPhone users now with an app check if your device has been infected. Also

The Canadian Citizen Lab found evidence that a Mexican journalist and previously unspecified known targets in Kenya with the help of “Pegasus “had been spied. Overall, however, was initially unclear how wide and how long they may have been used.

A spokesman for the suspected from originator company NSO Group explained the “New York Times”, you only sell to government agencies and keep strictly to export regulations. He did not comment on whether software company in the UAE or in Mexico was being used.

How iPhones were cracked

Lookout analyzed the attack thoroughly and could approach of “Pegasus” accurately understand. So broke the malware iPhones:

Step one: About a vulnerability in Apple’s Safari web browser could be executed any software code. The attackers took advantage of this in order to load the attack elements of “Pegasus” on the device. To trigger this, you need to click on a crafted link. The only unusual behavior for the user was that joined the Safari app.

Step two: The now active on the device “Pegasus” software thanks to the second vulnerability felt that Apple actually hidden heart of the iPhone operating system iOS, called the kernel. He is a key element for the safety of the equipment.

Step three: has reported a vulnerability in the kernel itself “Pegasus” secured wide-ranging access to the iPhone. The spying program secretly led by a “Jailbreak” – so is the process in which an iPhone is freed from the limitations provided by Apple. Some users make the self in order to install more software and configure the device more freely. But this fall, the hurdles for attacks. So here, too: After unrecognized “Jailbreak” “Pegasus” monitoring software could add

Mutes for Apple

The list published by Apple iOS version 9.3.5.. is intended touch for iPhone, iPad tablet and the multimedia player iPod. For the Group, the spy program is a painful damper: The safety of the equipment is an important pillar of the Apple marketing and the Group invested heavily in encryption and other security mechanisms. Apple stressed that they always recommend users to use the latest iOS version.

So-called “zero-day” security breaches that are not known to the provider of software used by intelligence services and criminal hackers. Also, the computer worm “Stuxnet”, of sabotaging the Iranian nuclear program, attacked several such gaps. “Zero-day” vulnerabilities in iPhones traded expensive and can cost a million dollars. That “Pegasus” equal took three of them, therefore, is relatively uncommon. (Dpa / sh)


No comments:

Post a Comment