If you're tapping away on an iPhone, make sure you've got the latest updates. Otherwise, your calls, text messages, emails, and contacts could all be vulnerable to Israeli cyberspies -- or whoever buys their software.
The NSO Group, an Israeli software company that the New York Times describes as "one of the world's most evasive digital arms dealers," has released software exploiting security vulnerabilities in Apple products, allowing anyone who uses it to collect your information, steal your passwords, track your location, and even secretly record your conversations. All they have to do is send you one text.
No One Is Safe From the NSO Group
The NSO Group is apparently using the software to spy on dissidents and journalists, the Times reports, but the NSO Group's exploits could also be used against pretty much anyone -- journalists, dissidents, lawyers, you. According to the Times:
In interviews and manuals, the NSO Group's executives have long boasted that their spyware worked like a "ghost," tracking the moves and keystrokes of its targets, without leaving a trace. But until this month, it was not clear how exactly the group was monitoring its targets, or who exactly it was monitoring.
That is, until the human rights activist Ahmed Mansoor suspected that his phone was being hacked and contacted researchers at Citizen Lab. Citizen Lab's researchers soon discovered the NSO Group's spyware, which was distributed through texts that pretended to come from Facebook, CNN, and even Pokémon. Click the link and your phone is suddenly, secretly compromised.
Unless You Update Your Software, That Is
Thankfully, the vulnerabilities that made Apple products susceptible to spying have been fixed, and relatively quickly. Apple released a patched version of its mobile software last Thursday, 10 days after being told of the vulnerabilities. "We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits," Apple spokesperson Fred Sainz said.
But Apple is not always clued in to its security flaws. Security flaws are often traded among hackers, law enforcement, brokers, and spyware companies. Software companies often pay hefty sums for information on security weaknesses in their products, something Apple has long refused to do -- until recently.
The company launched a "bug bounty" program this August, paying hackers $200,000 for information on major flaws in Apple's software. That's certainly big bucks, but a bit short of the $1.3 million dollars the FBI paid hackers for backdoor access to encrypted iPhones.