Zero-click threats ‘will persist’ despite Apple security fix

Musadiq Bidar — CBS News

Cybersecurity analysts are urging Apple users to immediately update the software of their phones, computers, and watches after the company issued an emergency security patch on Monday to prevent hackers from gaining access to the devices without the users knowing. 

In a new report, researchers at the University of Toronto’s Citizen Lab said the NSO Group, an Israeli spyware company, used what is known as a “zero-click exploit” to access the phone of an unnamed Saudi activist. Researchers at Citizen Lab called the exploit “Forcedentry” and said it has been in use since February. They also revealed that the NSO Group’s flagship “Pegasus” spyware program was used to infect the activist’s device.

“Whereas typical cyberattacks require a user to engage with a malicious piece of content – such as clicking on a rogue link – zero-click exploits do not require any sort of interaction with devices’ owners themselves,” Lisa Plaggemier, interim executive director of the National Cyber Security Alliance, told CBS News. “This means it is virtually impossible for individuals to know if they have been compromised or not,” she added.

The NSO Group is well known in the cyber world and was previously funded and operated as a U.S. company but later returned to Israel. Hackers have been able to install the Pegasus spyware on a target's device using zero-click exploits by either sending a message or calling the phone.

“Once installed, Pegasus allows for a variety of controls that can siphon data or activate processes, such as the camera or microphone, on iOS or Android devices,” Jerry Ray, COO of the cyber firm SecureAge, told CBS News. Ray said the main difference between this exploit from the NSO Group and previous ones is the access pathway. In this instance, it was a text sent via iMessage whereas previous attempts involved placing phone calls.

“Considering all of the apps that could potentially pose a weakness that could be exploited by actors like NSO Group, this could be just another decimal point update among the countless ones to come,” Ray said.

Citizen Lab describes the NSO Group as a…