Rogue software and security breaches are a persistent concern for consumers and developers alike in today’s online culture. The threat posed to personal data is magnified when these exploits target portable technology such as smart phones. Because, by their very nature, our handheld devices are usually connected to a network (via WiFi, or 3/4G), and the data stored and shared on them is often personal in nature.
Many Apple users will face an anxious few days as headlines report that a previously-undetected security flaw in the iOS system has been exploited by a malware program known as ‘Pegasus’.
The Pegasus spyware is unique for several reasons. It attacks three separate points of vulnerability; it attacks the iOS kernel, meaning it is capable of compromising any operation within a targeted device, such as viewing a conversation on apps like WhatsApp; and because it is a covert attack that was only detected thanks to human vigilance once it had been released.
What is Pegasus?
46-year-old human rights activist, Ahmed Mansoor, first detected the Pegasus malware after he received a suspicious email and forwarded its contents to security researchers at the University of Toronto. Working with private security firm Lookout, the university’s ‘Citizen Lab’ department traced the origin of the Pegasus malware back to a company known as NSO Group. The Tel Aviv-based software developers – who specialise in digital security – had developed the program which hackers had then used to target Mr Mansoor’s device directly.
How Dangerous is Pegasus?
The Pegasus software constitutes what is known as a ‘zero-day attack’. This means it exploits a previously unidentified vulnerability in the iPhone’s operating system. The main cause for concern with this type of attack is that it may take security experts a significant amount of time to solve the flaws in the system. Meanwhile, the malware is able to continue to spread to other, vulnerable devices.
In the case of Pegasus, however, Apple has been swift in their response; effectively fixing the three separate security exploits in their iOS operating system in just a few days. The latest iOS update (patch 9.3.5), contains a fix that prevents Pegasus from installing on further devices.
Of greater concern to the company will be the potentially widespread damage to their carefully managed global brand. The vulnerable version of the iPhone operating system, iOS 9, is used by 87% of all handheld Apple devices. That translates to approximately 900mn users worldwide put at risk by the hostile program. Analysts have also detected coding within the Pegasus software that relates to iOS version 7 – suggesting the hack has been in development for several years, or that is has been designed to maximise the disruption among all Apple customers.
How To Protect Your iPhone and Data from the Pegasus Exploit
The three points of weakness (known as ‘Trident’) allow attackers to alter the core processes of infected devices. Pegasus spyware can be transmitted without detection through links and touch-screen elements and is then capable of accessing a phone’s memory, camera and microphones, and data from popular apps such as Facebook, WhatsApp, Skype, Gmail, and Twitter.
The ease at which the spyware can be transmitted to vulnerable devices means that all iPhone users should update their operating systems to version 9.3.5 before attempting to browse apps or web content. Once updated, previously unaffected devices will remain secure. However, the spyware has been shown to persist in infected devices, even after the update; and no official solution is currently available which removes the program from infected phones. Customers are advised to avoid third party software which purports to remove the malware, and should instead take their affected handsets to an Apple store.