Zero-Click Spyware on iPhone (and Android)
Is it bad? Yes!
Do you need to upgrade? Yes!
Are you infected? Most likely not.
Spyware, malware, ransomware – unfortunately these are now a daily fact of tech life. There are more successful exploits against Windows and Android than macOS and iOS, but as yesterday’s slew of headlines demonstrates, Apple users can no longer afford to be complacent.
Still, it’s unusual to encounter a zero-day, zero-click exploit against iOS (and iPadOS, macOS and watchOS). A zero-day is an exploit that is detected and patched only after it has been discovered in use in the public domain (in the wild). A zero-click is an exploit that can perform its bad actions without the user clicking on anything, such as a “download this bad software” prompt.
In this case, the attack uses a vulnerability in Apple’s CoreGraphics library. This is responsible for showing you images and PDF files – all you have to do is look. The bad image or PDF is usually sent by iMessage, WhatsApp or Telegram.
The good news (if we can call it good?) is that you are most likely NOT at risk. This is because the exploit is part of the Pegasus spyware toolkit, sold by the Israeli NSO Group to nation-state actors intent on targeting activists, journalists, lawyers and other at-risk groups. The Pegasus software is expensive and used on specially selected targets. It’s not the “You missed your Amazon delivery” type of mass attack.
In any case, you should definitely upgrade your devices, right now. Ensure that iOS and iPadOS are at 14.8, macOS Big Sur is at 11.6, macOS Catalina has Security Update 2021-005 and watchOS is at 7.6.2. Yes, of course you can read messages on your watch!
Pegasus is highly sophisticated, and if you ARE infected, you need to get expert help. If you work in politically sensitive areas or are concerned that you may be at risk, there is fortunately a free, simple check to see if you are potentially infected.
We already use the iMazing software for all our iOS and iPadOS backup and upgrade operations, and the Swiss-based DigiDNA company has made the spyware check available for free, so you don’t even need to buy the software.
It’s important to know that iMazing CANNOT prevent spyware infection, nor remove it if you’re infected. Also, checking is hard, so there MAY be false positives. You will need: a Mac with enough free disk space to back up your entire iOS or iPadOS device, a USB cable (because the process is SO much faster), and a couple of hours to complete the steps. The how-to guide is at https://imazing.com/guides/detect-pegasus-and-other-spyware-on-iphone and you can download the software from https://imazing.com/download.
We’ve found the iMazing software invaluable over the past few years, and we expect you will also! As always, every tool that we can use to stay safe is worth the small investment compared with the cost of cleaning up after an attack.