Sign In

Communications of the ACM

ACM TechNews

iPhones Vulnerable to Hacking Tools for Months, Researchers Say


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The spyware exploited an apparent vulnerability of iPhones prior to the iOS 14 update.

For almost a year, spyware sold by Israels NSO Group allegedly wasarmed with a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.

Credit: Postmodern Studio/Alamy Stock Photo

Researchers at Canada's University of Toronto (U of T) said spyware sold by Israel's NSO Group incorporated a zero-click zero-day exploit that could commandeer iPhones via a flaw in iMessage.

They said the "Kismet" tool would leave no visible sign of implantation, could be installed by sending a message that victims did not have to click on, and worked even on phones running the latest iOS version.

The researchers reported 37 known examples of Kismet being used by NSO Group clients against journalists covering news in and around the Middle East, yet "we suspect that the infections were a minuscule fraction of the total attacks used with this exploit."

The U of T team said logs from compromised phones suggested Kismet, or a similar exploit, has been in use for more than a year.

From The Guardian (U.K.)
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found