Friday, August 26, 2016

Dangerous spyware infects your iPhone and iPad via fake “OpenID”, “Classmates” and “Yandex” – CNews.ru


Urgent iOS update

Apple has released an urgent update, iOS 9.3.5, to close the “hole” used by the Pegasus spyware. The company recommends that all users install it.

Security specialists from Citizen Lab and Lookout Security were able to investigate the case and report it to Apple, which immediately released the iOS 9.3.5 update for the iPhone operating system. All iOS 9 users should immediately upgrade to iOS 9.3.5.

In this update, Apple has closed a number of critical vulnerabilities that were presumably used by state structures in some countries against activists and dissidents. The discovered vulnerabilities allow attackers to remotely control an iPhone, including listening to conversations held through secure applications such as WhatsApp, gaining access to the camera and microphone, and downloading photos or any other files.

Apple quickly released an iOS update to close the “hole” used by the Pegasus spyware trojan

Malware, or “exploits”, using this “hole” has existed for several months, but it has probably not been applied very widely, and only against certain individuals.

A trojan priced at $8 million

There is a “black market” where security experts and companies sell information about the “holes” they find to anyone interested. The holes found this way are not closed, and these holes, together with specially written software, can then be used for targeted attacks.

As noted by representatives of Citizen Lab, they were able to track and study the operation of spyware called Pegasus. They found that it costs $8 million for 300 licenses, so it is unlikely that it will be used against ordinary iPhone owners. However, now that these vulnerabilities have become known, hackers may try to use them more widely.

In any case, smartphone owners should not click on links they receive in SMS messages. This applies not only to SMS from unknown numbers but also to SMS from friends, since the sender’s number can be spoofed.

How the detected spyware works

Citizen Lab was established at the School of International Relations, University of Toronto. Its task is to research the actions of government structures on the Internet, including actions against human rights organizations.

Working with Lookout Security, they had been monitoring, before the incident, the activities of the group Stealth Falcon, which spied on those who criticized the United Arab Emirates. The experts were able to track the servers used by the group, but failed to link them to the use of the Pegasus software.

The investigation into the use of Pegasus started when Ahmed Mansoor, a human rights activist from the United Arab Emirates, received an SMS from an unknown number on 10 August 2016, with a link to supposedly revealed abuses. He considered the message suspicious and sent information about it to Citizen Lab. As a result, three critical vulnerabilities in iOS 9 were found.

At the beginning of the attack, the owner of the phone receives an SMS with a link and clicks on it; the website that opens then loads and starts the exploit software. A hole in the rendering component of iOS (based on the WebKit library) allows the attacker's program to run on 32- and 64-bit versions of iOS.

Interestingly, according to Lookout, among the more than 300 phishing sites through which the malicious links were spread, some were disguised as popular Russian sites: “Beeline”, “OpenID”, “Classmates”, “Yandex”, etc.

In addition, the attackers also imitated other popular services, such as WhatsApp, YouTube and Twitter, as well as sites popular in Arab countries, in Mexico and in other countries.

The exploit uses a hole that makes it possible to circumvent a security mechanism in iOS, Kernel Address Space Layout Randomization (KASLR). After information about the location of iOS system services in memory has been obtained, the third exploit blocks the ban on launching unsigned software (i.e. software that does not have verified security certificates).

After these three consecutive steps, the spyware itself is downloaded and installed. It starts automatically when the system is restarted and blocks the system update function. Hooks for intercepting data are set across the entire operating system. Many applications are tracked specifically. The trojan steals contacts from iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram, Skype, Line, KakaoTalk, WeChat, Surespot, Imo.im, Mail.Ru, Tango, “VKontakte” and “Classmates”. The spyware periodically connects to an external server, to which it sends the intercepted information.

A sign that the attack was targeted at a specific individual was that the Internet address specified in the SMS became unresponsive after the link was followed for the first time. Citizen Lab specialists opened the link on an ordinary iPhone and tracked the whole process of system infection. According to the researchers, the Israeli firm NSO Group, which develops and sells spyware to government structures, had a hand in the software. Earlier, the same software was used against the Mexican journalist Rafael Cabrera, and in his case it was found that the exploit software connected to NSO Group servers, after which the spyware was installed.

The malware tries to remain invisible to the user: it monitors the phone's battery charge and the data flows in the system, can suspend its operation, and can even remove itself completely.
