'Zero click' hack: All you need to know about Pegasus flaw in iPhones

Written by Amit Chaturvedi, Hindustan Times, New Delhi
Sep 15, 2021 06:54 AM IST

Apple released a fix for a Pegasus-related vulnerability on Monday and urged all its users to install it on their devices. Security analysts say a fix of this speed is a rarity, even for a big company.

Apple has released a fix to keep people who are using its devices safe from spyware Pegasus. The software developed by Israeli company NSO Group used previously unknown flaws in Apple's software to deploy Pegasus in users' devices.

The vulnerability was identified in Apple iMessage software, which allowed Pegasus to be silently inserted into phones. (AFP Photo)

The new version of the spyware was found by Canadian cyber security researchers at Citizen Lab, who discovered Pegasus implanted in the phone of a Saudi activist.

The weakness in Apple's software allowed for the spyware to be inserted silently without needing to fool the victim into opening suspicious links or files.

So, how does a zero-click attack work? And can it be stopped? Here's everything you need to know.

What is a 'zero-click' hack?

Spying software has traditionally relied on convincing the targeted person to click on a booby-trapped link or file in order to install itself on their phone, tablet or computer.

"Zero-click takes that threat to the next level," said John Scott-Railton, senior researcher at Citizen Lab, the Toronto University cybersecurity centre which discovered the Apple flaw.

With a zero-click attack, the software can sneak its way onto the device without the person needing to be fooled into clicking on the link.

What was the weakness in Apple's software?

The malware exploited a hole in Apple's iMessage software to stealthily install Pegasus, a hugely invasive piece of software. It would allow spies to turn a phone into a pocket listening device and grant them much easier access.

Allegations that the software has been used by governments worldwide to eavesdrop on human rights activists, business executives and politicians sparked a global scandal in July.

How to know if an iPhone is infected?

Security analysts say it's not possible to know if a phone is infected. "There's nothing you can do as a user to protect yourself from infection, and nothing you're going to see when you're infected," Scott-Railton told news agency AFP.

He asked all those who have an iPhone to install the latest security update as soon as possible. Apple announced a fix for the problem just under a week after Citizen Lab reported it on September 7.

Before this latest security threat to iMessage, WhatsApp discovered in 2019 that it, too, had a zero-click vulnerability that was being used to install Pegasus on phones.
