A sophisticated piece of malware has exploited three different unknown vulnerabilities in Apple’s iOS operating system that would allow attackers to get full control of an iPhone. Government hackers have been caught using the never-before-seen malware/iPhone spy tool in an unprecedented attack never before seen in the wild. Apple have release an emergency update which every iPhone user should download and install as soon as possible. IT security experts from Lieberman Software, ESET and Tripwire commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The only real surprise in this iPhone spy tool story is that anyone is surprised. All over the world, the bad boys of tech have left their basements behind for professional buildings and are make lots of cash selling malware for cash. Of course repressive regimes are looking to weaponize that malware against the people that oppose them. With a glut of ill gotten cash and a lack of scruples those regimes are a malware dealer’s perfect customer. This is simple supply and demand. While there are people who want to break into things for any reason, there will be bad guys willing to sell the tools to crack stuff wide open.”
Mark James, Security Specialist at ESET:
“The trouble with our everyday devices that have become a very integral part of our lives is no matter how hard we try to protect them there is always someone somewhere trying to hack them or take them over. I think most people believe they have nothing of value to hackers so why should you worry about it!
Well you do, in theory everyone does, all our data has a value, names, address, bank details, even contacts, that friend you grew up with may seem like just “Bob who throws a mean BBQ” but he may be the CEO of an important telecommunications company, your contact details for him may be exactly what a hacker requires to form a targeted phishing attack in an attempt to compromise that multi million pound company. Apple and indeed Google want you to have phones that you make you feel safe using their latest technology, so for me when I see Apple releasing an emergency fix for a zero day they were only notified about 10 days ago that makes me feel valued as an Apple user.
Some people may see it as just “another update” or even as unimportant but believe me you want to install this as soon as possible. Security updates are the only way forward in keeping electronic devices safe, gone are the days when a well-known company would release an update that everyone groaned and waited to see the damage it caused before installing it yourself. Nowadays if there is a security update or patch you NEED to treat it with urgency and get it installed now not tomorrow.”
Travis Smith, Senior Security Research Engineer at Tripwire:
“Any zero day which can remotely take control of a device is incredibly dangerous. The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced and committed the authors are. While what we’ve seen exploited in the wild thus far has been targeted towards high profile targets, exploits eventually trickle down into less skilled hands who eventually target a larger audience.
The advantage the general public has is that a patch is already available. The typical iOS users will not differentiate between a major update and a security update. Unless there are reports of apps crashing or degradation of battery life, users will more than likely install the update.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.