Recently, Apple released a software update to all Apple phones, computers, and watches with an emergency security patch to prevent hackers from accessing customer devices without the users knowing.
The update came in response to a University of Toronto’s Citizen Lab report, which said that the Israeli spyware company, NSO Group, used a “zero-click exploit” to access the phone of an unnamed Saudi activist. This exploit, called “Foredentry” by Citizen Lab researchers, has been in use since February; the researchers also reported that the NSO Group’s flagship spyware program, “Pegasus,” was used to infect the activist’s mobile device.
Zero-click exploits do not require any interaction with the owner of the device, meaning it’s nearly impossible for people to know if they have been compromised or not.
NSO Group is described by Citizen Lab as a “prolific” seller of spyware technology to governments globally, with its products being regularly linked to surveillance abuse. The NSO Group stated that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime,” but cyber security analysts have spoken out and disagree with the framing of the group.
Though it claims only to sell its products to licensed law enforcement groups, whether or not the statement is accurate is still being called into question.
Earlier in the year, Apple declared that more than 1.6 billion Apple devices were being used worldwide, with one billion of those being active iPhones. The company tried to prevent Pegasus exploitation with iOS14, but the malware was still able to breach weaknesses in the company’s software and take advantage of them. Despite this, Apple says that a majority of its customers are unlikely to be impacted by the vulnerability.
Thanks to Citizen Lab, Apple was able to create a patch quickly to help deter zero-click threats. The company credits the research group for helping create the patch swiftly and efficiently.
Attacks such as the one run by the NSO Group are highly sophisticated, costly, and work for only a short period of time; due to this, they’re often used against specific individuals rather than large groups. However, this doesn’t mean that zero-click threats aren’t a threat to people at large—technology is constantly evolving, and unfortunately, this statement includes technology created for malicious purposes as well. Apple will continue to work so that all users’ devices, and their data, are protected.