Recently, the head of Apple’s technical department has issued a press release, urging all the users to upgrade the software/OS at the earliest.
He explained recently in his tweet that the researchers from the Citizen Lab in the University of Toronto have discovered all the Apple devices have become vulnerable to hackers due to the “zero-click exploit.”
Usually, when someone acts as a device, it may open a back door in the encryption layers of the internal software. And it is through these back doors that hackers can quickly get access to the device. Also, these loopholes in the encryption system pave the way for the virus and malware.
However, this new form of hacking doesn’t require any action from the user’s end. Any hacker having high skills can quickly enter a system without letting the user know about the presence of an intruder and access confidential files and data with ease.
Since the user does not act, it is challenging to track the hackers, giving them an upper hand in the cyber security game.
While going through the iMessage feature on an iPhone, researchers recently discovered that Pegasus Spyware infected it. However, this virus didn’t enter the phone after a user activity.
Instead, it was installed into the Saudi activist’s phone without him knowing about anything. And that’s where the level of risks increases by ten folds.
What is the Zero-click Hacking Method?
The Zero Click method is a new but advanced-level hacking technique. The hackers can easily infiltrate any Apple system without letting the user know anything about the intrusion.
Until now, people hardly had an idea about such a hacking method, which is why the statement was released on Global News by John Scott-Railton.
He is a senior researcher working at the Citizen Lab who said, “We have an idea about how malware, virus, and other suspicious activity can be tracked and resolved on a device.
But this Zero-Click technique isn’t child’s play. It is an advanced-level hacking that comes with years of practice, building complex codes, and many financial back-ups. It can allow the hackers to gain entry to any system without letting their presence known to the user”.
From this statement, it’s clear that if an iPhone or the Mac is infected through the Zero-Click method, the device will become a digital spy.
Hence, the hacker will have unrestricted access to the data stored in the device, and there won’t be any way to identify the intruder.
Recommendation: Android Vs. iOS App Development - Which is Better?
Who Found the Issue and How?
Scott Railton and his team of researchers found that a Saudi activist’s phone had been hacked and infected with the Pegasus spyware last week. It is surveillance software that has been developed by the NSO Group from Israel and is used worldwide.
Researchers found that several images with malicious content were sent over the iMessage app just before the spyware was implanted into the OS while browsing through the device.
The spyware is programmed so that once a phone is infected, its OS will automatically crash, thereby destroying the actual code using which hackers entered the device via the Zero-click technique.
According to Scott Railton, Apple users have been suffering from Zero-Day vulnerability since February because no patch was applied to fix the error until now.
As the researchers found the malware, they immediately reported it to Apple, and Ivan Krstic governed the issue. Ivan is the head of the Security Engineering and Architecture in Apple, who supervised the entire solution program where developers developed a fix in the 14.8 version of the iOS. Once it was created, they have already applied the patch and deployed the fix.
Who is Exposed to the Risks of this Zero-Click?
To be honest, the extent of the damage and vulnerability is yet unknown to the researcher because there is no way to track the Zero-Click intrusion.
Studies and research are going on, but it will take time to study the technique and provide proper fixes to prevent the users from being attacked by hackers, spyware, or malware software.
Since it was the Pegasus spyware that infected that activist’s phone, questions have been raised about the involvement of the NSO Group. FBI has already been involved in the case, and they are investigating NSO for any proof of their participation.
As for Israel, the government has ordered an internal inquiry to assess the allegations and dig up the truth as soon as possible.
How can Backdoors be Closed to Reduce Device Vulnerability?
As of now, Apple has already deployed the match. Every user needs to update their software to close the backdoors if the device is hacked through the Zero-Click technique.
Also, Scott Railton has urged software companies to upscale their encryption layers to prevent hackers from entering the device silently.