Just days after Apple filed a lawsuit against the Israeli firm NSO Group for the surveillance and targeting of Apple users with the Pegasus spyware, the tech giant has also detailed how it detects traces and activities that are generally consistent with a state-sponsored spyware attack on a user.
Google, meanwhile, continues to face its own set of challenges with regard to curbing spyware on Android, including fragmentation, which it hasn’t been able to tackle in years.
This is the first time that Apple has shared details about the subsequent notifications that are sent to users about the possible threat, and the possible corrective measures. Apple confirms that the FORCEDENTRY exploit, which Pegasus spyware used to its advantage, has since been patched for all iPhone users.
At present, the latest iOS 15.1.1 version is available for all iPhone users, which includes security improvements and other performance updates. One of them is the updated BlastDoor security layer, which now detects and stops any suspicious data being sent to iMessage. Apple says that while NSO Group spyware continues to evolve, they haven’t observed any evidence of successful remote attacks against devices running iOS 15 and later versions. Perhaps the push you need to update your iPhone?
Google’s struggles compounded by older Android
Google’s challenges with Android, the preferred smartphone platform for more than 3 billion users globally, aren’t getting easier. Matters aren’t helped by the fact that Android still struggles with serious fragmentation, which sees millions of phones running older Android versions that aren’t always as secure as the newer ones.
According to numbers by research firm Statcounter, the older Android 11 (33.2%) and Android 10 (28.57%) are still the most used Android iterations globally – that is as of the end of October 2021. Android 12 isn’t available on many phones yet, months after its release for Google’s own Pixel phones.
Threat level: Very sophisticated
A report by security firm Sophos, released earlier this week, says new variants of spyware used by a threat actor group called C-23 continue to target individuals based in the Middle East.
“The new variants appear in the form of an app that purports to install updates on the target’s phone, with names that include App Updates, System Apps Updates, or Android Update Intelligence. Sophos suspects that the apps are delivered to specific users by means of SMS text messages linking to downloads,” says Pankaj Kohli, researcher at SophosLabs.
Researchers at mobile security firm Zimperium have noted in a new report that a spyware campaign is targeting Android phone users in South Korea.
The spyware, called PhoneSpy, has been discovered inside 23 popular Android apps distributed on platforms other than the Google Play Store. It can use a phone’s camera to take photos or record videos, and can access the phone’s data and microphone.
The Pegasus spyware allowed attackers to access data on a compromised Android phone or iPhone, as well as the device’s microphone and camera. Using the FORCEDENTRY exploit, malicious data packages were sent to these devices, without the knowledge of those using these phones, to install Pegasus. While Apple IDs were created specifically for this purpose, Apple says its servers were not compromised as these spyware attacks were being mounted.
Pegasus isn’t the only spyware that has been in the news recently. Earlier this year, it was revealed that a sophisticated spyware called Karma, which also relied on iMessage as the medium for delivering the compromised data packages that install the spyware, had been used since 2016 to snoop on activists, diplomats, and journalists.
Different signatures of well-funded spyware
The thing about state-sponsored malware, such as Pegasus, is that these are incredibly sophisticated tools. That is often a result of being well funded, since resources aren’t always a limitation in such cases.
Apple admits that there may also be false alarms, but that’s all it would say. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future,” reads the latest security advisory.
This comes as Apple has filed a lawsuit against the NSO Group for the sophisticated attack on Apple devices (and indeed Android phones, globally) using the Pegasus spyware. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” says Craig Federighi, Apple’s senior vice-president of software engineering, in a statement.
Any Apple user being targeted by state-sponsored malware will get notifications on phone numbers associated with the Apple ID via iMessage, and on the email addresses linked with the same ID as well.
You’ll be asked to visit your Apple ID account online (that’s available at appleid.apple.com) and you’ll see a threat notification banner, which will have further details about the threat detection and time as well as location specifics.