We wrote earlier this year about ‘Pegasus,’ an iOS exploit that allows hackers to access a user’s private data via iMessage.
While somewhat worrying from a security standpoint, reports suggest its a very expensive process generally only used by corrupt governments to target specific individuals. For example, in August nine Bahraini activists were hacked using Pegasus, and other state-sanctioned attacks on journalists, lawyers, and humans rights defenders have been reported in the past. It’s extremely unlikely this software would be used to target random users.
That said, despite the political nature of the attacks and the fact that only a handful of people are affected, Apple is taking a stand.
Firstly, Apple has filed a lawsuit against the Israeli-owned NSO Group who created Pegasus, calling it out for illegal surveillance using spyware. Apple wants the courts to grant an injunction to ban NSO Group from using any Apple software or hardware.
Secondly, Apple has started sending threat notifications to users it believes may have been targeted along with instructions on what to do about it. It sends these notifications by text and email, although as those things can be easily spoofed, users receiving such a notice should always manually log into appleid.apple.com to verify the message is legitimate.
Thirdly, Apple is working to beef up security to prevent this kind of thing from even being possible. It already says that it’s not been able to find evidence that these tools work on iOS 15, so that’s an extra reason to update your device if you haven’t already. And anyone targeted will receive additional security assistance from Apple.
Lastly, if you think you have been targeted by hackers or have any other serious cybersecurity concerns, your best course of action is to visit the Consumer Reports Security Planner website for more information.