iPhone under attack: new warning: hackers target Apple devices

Even though iPhone is undoubtedly more secure than Android, Google’s efforts to close the gap notwithstanding, Apple devices are not immune to attacks. There are now regular Apple alerts when attacks are revealed, and a new cyber report has just warned that iPhones are being targeted by hackers with advanced cyber tools and that “regular reboots may be a best practice for Apple device owners.”

You may remember LightSpy – this spyware has been repeatedly reported by several security firms as it attacks iOS, macOS and Android. Well, now it’s back in the headlines, and ThreatFabric warns that it has been significantly improved: the toolkit has “significantly increased from 12 to 28 plugins—in particular, seven of these plugins have disruptive capabilities that can interfere with the device’s boot process.”

The spyware targets older, unpatched versions of Apple’s iOS by exploiting known vulnerabilities, specifically the “public Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.” The attacks force the target iPhone to be jailbroken, escalating privileges and allowing full control over the device.

Given that this latest iteration of LightSpy attacks iPhones running iOS 13.5, your first defense is to make sure your phone is updated. This tool is almost certainly being used by Chinese attackers against victims in China and Hong Kong. There is no indication yet that it will be offered overseas, but that could change.

The new “disruptive” capabilities highlighted by ThreatFabric mean that a compromised device can be prevented from rebooting. The plugin architecture means that modules can be deployed as needed under the control of an external server in order to transfer data from the phone to attackers.

These capabilities include “wiping the contact list or disabling the device by removing system-related components,” ThreatFabric reports. “This suggests that attackers valued the opportunity to erase traces of an attack from the device.”

The stolen data may include device screenshots, photos, audio recordings, text contacts, call logs and data from messaging platforms including WhatsApp and Telegram. Obviously, even end-to-end encrypted messages can be accessed if an attacker has control of the device representing one of these ends.

“The LightSpy iOS example highlights the importance of keeping systems up to date,” the researchers advise. “LightSpy threat proponents are closely monitoring security researcher publications, reusing recently discovered exploits to deliver payloads and escalate privileges on affected devices.”

Infection most likely occurs through lures to infected websites used by intended victim groups—so-called “watering holes.” If you think you may be susceptible to such attacks and do not have an updated version of iOS, ThreatFabric suggests a normal reboot. “While a reboot will not prevent reinfection, it may limit the amount of information that attackers can obtain from the device.”