Connect with us

Science & Tech

Apple issues emergency software update after discovery of ‘zero click’ malware



The spyware has been attributed “with high confidence” to Israel’s NSO Group.

Apple has issued an emergency software update after a flaw was found that allowed spyware attributed to Israel’s NSO Group to infect an iPhone, Apple Watch, or Mac computer without the user having to click on anything.

The malware was found on the phone of an unidentified Saudi activist by Canadian internet security watchdog Citizen Lab.

It is the first time that a “zero-click” exploit – an exploit that allows an attacker to hack into the device without requiring the victim to click on anything, meaning they have no chance to catch the attack – has been caught and analysed.

The phone is thought to have been infected in February, although the researchers discovered the malicious code on 7 September and immediately alerted Apple.

The logo of Israeli cyber firm NSO Group is seen at one of its branches in the Arava Desert, southern Israel July 22, 2021. REUTERS/Amir Cohen
Image:NSO Group is an Israeli cyber surveillance firm

Ivan Krstic, head of Apple security engineering and architecture, said: “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.Advertisement

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” he added.

Citizen Lab researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack, although it was “not necessarily” being attributed to the Saudi government.

In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”.

Citizen Lab has previously found evidence of zero-click malware being used to hack the phones of some journalists and other targets but Mr Marczak said this was the first time one had been captured “so we can find out how it works”.

A man reads at a stand of the NSO Group Technologies, an Israeli technology firm known for its Pegasus spyware enabling the remote surveillance of smartphones, at the annual European Police Congress in Berlin, Germany, February 4, 2020
Image:Experts say the average user does not need to be too concerned, as such attacks tend to be highly targeted

Security experts have said that the average user does not need to be too concerned, as such attacks tend to be highly targeted, but the exploit was still alarming.

Mr Marczak said that malicious files were put on the Saudi activist’s phone via the iMessage app before the phone was hacked with NSO’s Pegasus spyware.

This meant the phone was able to spy on its user, without them even knowing.

Citizen Lab researcher John Scott-Railton said: “Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority.”

In July it was reported that NSO Group’s spyware had been used to target journalists, political dissidents and human rights activists.

NSO Group says that its spyware is only used by governments to hack the mobile phones of terrorists and serious criminals, but a leaked list featuring more than 50,000 phone numbers of interest to the company’s clients suggested that it is being used much more broadly.

More than 1,000 individuals in 50 countries were allegedly selected for potential surveillance – including 189 journalists and more than 600 politicians and government officials, according to Paris-based journalism non-profit Forbidden Stories and Amnesty International, as well as their media partners.

Mr Marczak said on Monday: “If Pegasus was only being used against criminals and terrorists, we never would have found this stuff.”

It has also been reported that the FBI is investigating NSO Group, and Israel has set up a senior inter-ministerial team to examine the allegations surrounding how the spyware is being used.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Science & Tech

Egypt: Researchers identify prehistoric killer whale that walked on land from 43-million-year-old fossil



“It could kill any creature it crossed paths with,” say Egyptian scientists who have discovered a new killer whale fossil from the African nation’s Whale Valley.

Egyptian scientists have identified a new species of prehistoric killer whale from a 43-million-year-old fossil that was found in Eqypt’s “Whale Valley”.

The ancient fossil, which was unearthed in Egypt’s Western Desert in 2008, has been named as Phiomicetus Anubis, after the god of death in ancient Egypt.

The four-legged whale which is from the family of Protecetids, are extinct semi-aquatic whales that lived from 34 to 59 million years ago.

Egyptian researcher at Mansoura University Abdullah Gohar, shows the fossil of a 43 million-year-old four-legged prehistoric whale known as the "Phiomicetus Anubis," in an evolution of whales from land to sea, which was unearthed over a decade ago in Fayoum in the Western Desert of Egypt,
Image:Researchers said it was approximately 2.7m (9ft) long and weighed around 600kg

Professor Hesham Sallam, of Mansoura University in Egypt, the leading palaeontologist who examined the fossil, said the creature was unique in its versatility in the way its features were adapted to hunt on land and in the sea – characteristics that made it stand out among other whale fossils.

“We chose the name Anubis because it had a strong and deadly bite,” said Professor Sallam.

“It could kill any creature it crossed paths with.”

The creature’s killer features included an elongated skull and snout. Its sharp hearing and acute sense of smell meant it was an efficient carnivore capable of hunting down, before grasping and chewing prey, researchers said. It was approximately 2.7m (9ft) long and weighed around 600kg.

The fossils of a 43 million-year-old four-legged prehistoric whale known as the "Phiomicetus Anubis," in an evolution of whales from land to sea, which was unearthed over a decade ago in Fayoum in the Western Desert of Egypt
Image:Professor Sallam said it ‘could kill any creature it crossed paths with’. Pic: AP

Professor Sallam said his team did not start examining the fossil until 2017 because he wanted to assemble the best and the most talented Egyptian palaeontologists for the study.

The fossil sheds light on the evolution of whales from herbivore land mammals into a carnivorous species that today live exclusively in water.

The oldest fossil whales are approximately 50 million years old and are believed to have originated in modern-day Pakistan and India.

Scientists have not been able to reach a conclusive answer as to when whales moved from land to sea.

The location of the discovery of the fossil will give a clue as to how and when this happened.

Continue Reading

Science & Tech

Former US intelligence officers admit to mercenary hacking for United Arab Emirates



The charges against them are published amid growing concerns that foreign states may be compromising US security by recruiting intelligence personnel to bolster their own capabilities.

Three former US intelligence and military officers have admitted working as mercenaries for the United Arab Emirates (UAE) and carrying out sophisticated hacking operations targeting victims in America.

The charges against them are published amid growing concerns that foreign states may be compromising US security by recruiting intelligence personnel to bolster their own capabilities.

The men, named as Marc Baier, Ryan Adams, and Daniel Gericke in an unsealed court document, were accused of breaking computer crime laws and export controls and have agreed to pay more than $1.6m (£1.1m) as part of a deferred prosecution agreement.

According to the court document, after leaving US government employment, the three men worked for an American company that provided licensed services to the UAE.

But in January 2016, “after receiving an offer for higher compensation and an expanded budget”, the men left this company and joined a new one called Dark Matter based in the gulf state.

The clandestine unit helped the UAE spy on human rights activists, journalists, and rival governments, according to Reuters, which reported on the clandestine unit called Project Maven before these charges were made public.

While working for the UAE business, which did not have an export licence to receive hacking technology from the US, the men developed “two similar ‘zero-click’ computer hacking and intelligence gathering systems” that were used to target victims in America.

“Today’s announcement shines a light on the unlawful activity of three former members of the US intelligence community and military,” said Steven D’Antuono of the FBI’s Washington Field Office.

“These individuals chose to ignore warnings and to leverage their years of experience to support and enhance a foreign government’s offensive cyber operations.

“These charges and the associated penalties make clear that the FBI will continue to investigate such violations.”

Bryan Vorndran, of the FBI’s cyber division, added: “This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”

As part of the deferred prosecution, Baier, Adams, and Gericke must cooperate with the Department of Justice’s investigation.

They have agreed to pay $750,000 (£542,000), $600,000 (£430,000), and $335,000 (£242,000) respectively over the next three years – funds which they are prohibited from being reimbursed for by the UAE.

They have also received a lifetime ban on receiving any security clearances, as well as from being employed as hackers or by “certain UAE organisations”.

Continue Reading

Science & Tech

SpaceX: Who are the civilians on the Inspiration4 mission?



The crew are scheduled to blast into orbit inside a SpaceX Dragon Capsule, launched from a Falcon 9 rocket on Wednesday.

(L-R) Chris Sembroski, Dr Sian Proctor, Jared Isaacman, Hayley Arcenaux. Pic: Inspiration4 / John Kraus

Image:(L-R) Chris Sembroski, Dr Sian Proctor, Jared Isaacman, Hayley Arcenaux. Pic: Inspiration4/John Kraus

SpaceX is set to launch a motley crew of amateur astronauts into space on Wednesday in the first ever all-civilian orbital mission.

The crew of four civilians includes a high-school dropout for a commander, a medical officer who survived cancer as a child, an artist and college professor, and a man who won his seat through a charity donation.

Here’s who they are, what their background is, and how they got their seats on what is set to be one of the most significant space tourism flights of all time.

Commander and Benefactor: Jared Isaacman

Jared Isaacman. Pic: Inspiration4 / John Kraus
Image:Jared Isaacman. Pic: Inspiration4/John Kraus

Jared Isaacman, 38, is the driving force behind this adventure, having struck a private deal with SpaceX.

The terms of that deal haven’t been disclosed, but Mr Isaacman is using the trip to raise $200m (£146m) for St Jude Children’s Research Hospital in Tennessee – with half coming from his own pockets – and said the anticipated donation to St Jude’s “vastly exceeds the cost of the mission”.

A high school drop-out, Mr Isaacman is the founder and chief executive of Shift4 Payments, a payment processing company which he started as a 16-year-old in 1999.

Reportedly a billionaire and a keen pilot, he set a speed record flying around the world in 2009 while raising money for the Make-A-Wish programme, and later established Draken International, the world’s largest private fleet of fighter jets.

He said: “I truly want us to live in a world 50 or 100 years from now where people are jumping in their rockets like the Jetsons and there are families bouncing around on the moon with their kid in a spacesuit.

“I also think if we are going to live in that world, we better conquer childhood cancer along the way.”

Chief medical officer and Hope seat: Hayley Arceneaux

Hayley Arceneaux was diagnosed with bone cancer as a child. Pic: Inspiration4 / John Kraus
Image:Hayley Arceneaux was diagnosed with bone cancer as a child. Pic: Inspiration4/John Kraus

When Hayley Arceneaux was just 10 years old, she was diagnosed with bone cancer. She received treatment at the St Jude Children’s Research Hospital, including chemotherapy and a limb-saving surgery.

This surgery involved replacing her knee and placing a titanium rod in her left femur.

Now, as a healthy adult, Ms Arceneaux works at the hospital – which she credits with saving her life – as a physician assistant for patients with leukaemia and lymphoma.

She was selected for the mission by Mr Isaacman, who said he couldn’t think of a better brand ambassador to represent St Jude and the spirit of hope on his mission.

“It’s an incredible honour to be a part of this mission that is not only raising crucial funds for the lifesaving work of St. Jude, but also introducing new supporters to the cause and showing cancer survivors that anything is possible,” she said.

Generosity seat: Chris Sembroski

Chris Sembroski. Pic: Inspiration4 / John Kraus
Image:Chris Sembroski. Pic: Inspiration4/John Kraus

Chris Sembroski won his seat on the mission courtesy of a friend who donated to St Jude in July.

He’s an employee of Lockheed Martin and a veteran of the US Air Force, where he helped maintain a fleet of the Minuteman III intercontinental ballistic missiles and deployed in Iraq.

He is described as having long held an interest in space exploration, and after leaving the Air Force studied professional aeronautics from Embry-Riddle Aeronautical University, where he met the unidentified friend who gave him his seat.

“Joining the Inspiration4 crew and its mission of support for St Jude is truly a dream come true. It is my hope that this flight will inspire others to pay that generosity forward by pledging their support for St Jude and encouraging kids to dream the impossible, ushering in a new era of space exploration open to all,” he said.

Prosperity seat: Dr Sian Proctor

Dr Sian Proctor. Pic: Inspiration4 / John Kraus
Image:Dr Sian Proctor. Pic: Inspiration4/John Kraus

Dr Sian Proctor was previously a finalist for the 2009 astronaut programme at NASA, has a pilot license, and works as a professor of geoscience at South Mountain Community College in Phoenix, Arizona.

She was born in Guam to a father who worked for NASA at a tracking station there during the Apollo missions, and has conducted a series of simulated space missions at the Hawaii Space Exploration Analog and Simulation (HI-SEAS) Habitat.

She won her seat as a customer of Mr Isaacman’s Shift4 Payments, as part of a plan to select someone “who utilises the new Shift4Shop eCommerce platform, which empowers entrepreneurs to build and grow successful eCommerce businesses online”.

Dr Proctor has given a TEDx talk called Eat Like a Martian and previously published the Meals for Mars Cookbook, following her NASA-funded HI-SEAS mission on food strategies for long-term space travel.

As an artist, she tries to encourage conversations about creating a JEDI Space, or a space environment that is Just, Equitable, Diverse and Inclusive.

She said: “I am thrilled to part of the historic Inspiration4 crew and to represent the Prosperity seat. Going to space has always been a dream of mine, and being able to inspire the world through art and poetry makes it even more special for me.”

Continue Reading

Trending Now