
iPhones under attack – another warning as hackers target Apple devices

While iPhones are undeniably more secure than Androids, despite Google’s efforts to close the gap, Apple devices are not immune to attack. There are now regular alerts from Apple when attacks are identified, and a new cyber report has just warned that iPhones are being attacked by hackers with enhanced cyber tools and that “a regular reboot may be a good practice for Apple device owners.”

You may remember LightSpy — this spyware program has been reported multiple times by multiple security firms as it attacks iOS, macOS, and Android. Well, now it’s back in the headlines and ThreatFabric warns that it is much improved, with the toolset “significantly increased from 12 to 28 plugins – notably, seven of these plugins have destructive capabilities that can interfere with the device’s boot process.”


This spyware targets older, unpatched versions of Apple’s iOS by exploiting known vulnerabilities, specifically “Publicly available Safari exploits CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.” The attacks force a jailbreak on the target iPhone, escalating privileges to allow full device takeover.

With this latest iteration of LightSpy attacking iPhones running anything newer than iOS 13.5, your first line of defense is to make sure your phone is up to date. It’s almost certain that the tool is being deployed by Chinese threat actors against victims in China and Hong Kong – there’s no sign yet that it’s being offered further, but that could change.

The new “destructive” capabilities highlighted by ThreatFabric mean that a compromised device can be prevented from restarting. The plugin architecture means that modules can be deployed as needed, under the control of an external server, with the goal of exfiltrating phone data to attackers.

This destruction includes “deleting the contact list or disabling the device by deleting system-related components,” ThreatFabric says. “This suggests that threat actors have appreciated the ability to erase attack traces from the device.”

Stolen data can include device screenshots, photos, audio recordings, contact messages, call logs and data from messaging platforms including WhatsApp and Telegram. Clearly, even end-to-end encrypted messages can be accessed if an attacker has control of the device that represents one of these ends.


“The LightSpy iOS case highlights the importance of keeping systems up-to-date,” the researchers advise. “The threat actors behind LightSpy closely monitor security researchers’ publications, reusing newly disclosed exploits to deliver payloads and escalate privileges on affected devices.”

Infections likely come via baits to infected websites used by targeted victim groups – so-called watering holes. If you think you might be susceptible to such attacks and you’re not running an up-to-date version of iOS, ThreatFabric suggests a regular reboot. “While rebooting won’t prevent reinfection, it can limit the amount of information attackers can exfiltrate from the device.”