This summer, various security outfits reported on a particular nasty kind of spyware found installed on iPhone devices. Dubbed “Pegasus”, this malware is thought to be designed by a shady security company and sold to governments and others in order to spy on journalists, activists and even politicians (like the French President). An estimated 50 000 devices may have been targeted. Once installed, the Pegasus malware has full access to the device and can extract contacts, emails, phone calls, switch on the microphone and the camera, etc.
Its nastiest feature, however, is its silence. No user interaction is necessary to infect the device. No click on a malicious link. No opening of a malicious attachment. No browsing to a malicious webpage. Remember your security mantra “STOP – THINK – DON’T CLICK”? It’s void in this particular case – a so-called “zero-click attack”. All that’s required is for an attacker to send a well-crafted iMessage to your iPhone and the damage is done. Compromised without any chance to protect yourself. The only chance of spotting Pegasus in action is dedicated network monitoring: watching out for specific Pegasus-related network traffic, IP addresses and domain names. So far, luckily for us(?), the CERN intrusion detection systems have not spotted any attacks related to Pegasus.
Fortunately, the time has come to kill that horse for good. Apple has finally managed to release updates for its iOS iPhone operating system that are supposed to fix the initial attack vector (at least, those that we know about). We urge you to apply those updates as soon as possible (Settings → General → Software Update). Ideally, you already have automatic updates enabled. Not only for your iPhone, but also for all your other devices, PCs, laptops, tablets, etc., regardless of whether you prefer Microsoft’s Windows, Linus Torvald’s Linux, Google’s Android or Steve Job’s Macbook. Let them take care of your operating system and update your devices as soon as their most secure version is ready for deployment.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.