iPhone software update

Photo via matsuyuki/Flickr

Serious flaws in iOS mean everything on your device is vulnerable to spying.

Red alert! This is not a drill. Stop what you’re doing and update your iPhone. Now. 

Seriously. There are major flaws with Apple iOS that put everything you do on your device at risk, from your emails and text messages to your photos and contacts, and you have to update your device immediately to fix them. 

You should see an update message pop up for the version iOS 9.3.5. That’s the one you need. If you don’t see it: Go to Settings > General > Software Update. Click “Download and Install,” click “Agree” on the terms and conditions page, and let the install go through. If you haven’t updated your phone in a while, you’re going to need to do the earlier updates before you get to install version 9.3.5.

Apple

Done? OK, phew. Now let me explain the urgency. Security researchers at Citizen Lab and Lookout, a mobile security firm, discovered the existence of spyware that could gain access to every piece of information on an infected device, including all your communications.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Mike Murray, Lookout’s vice president of research, told Motherboard. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

What the Pegasus malware lets an attacker access, according to its creator.

What the Pegasus malware lets an attacker access, according to its creator.

NSO

The spyware, dubbed Pegasus and developed by Israeli cyberarms dealer NSO, was used to target a human rights activist from the United Arab Emirates and a reporter from Mexico, and there may be other victims out there. 

To infect a device, the attacker would send the target a link through a text message. In the instances the researchers saw, the link was accompanied by some message that might make the target want to click, something like “Wow, I’m sorry to show you this, but it looks like there’s a video online of your wife cheating on you.” Click the link, and it effectively jailbreaks your phone in one fell swoop and allows the attacker to gain access to everything. 

While the instances that tipped off the researchers were targeted attacks, the malware means that iOS contains serious unknown flaws that could potentially be replicated by other skilled hackers. 

In other words, if you don’t update your iPhone or iPad right now, you are vulnerable. It’ll only take a couple of minutes away from playing Pokémon Go. I promise it’ll be worth it.

Contact the author: Andrew Couts, [email protected]

Layer 8
Android 7 boasts new encryption features as the Crypto War soldiers on
Android 7.0 pushes easy-to-use encryption further into the mainstream.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.