The Perils of Spyware: How Zero-Click Exploits Threaten Privacy and Security
The Stealthy Nature of Zero-Click Exploits
In a startling revelation by Google’s Project Zero researchers in 2021, an iMessage-based zero-click exploit was found to have targeted a Saudi activist. The researchers grimly noted, “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense,” highlighting the vulnerability of iOS and Android software to such attacks.
The Role of Spyware Vendors
Spyware exists due to vendors like NSO Group, which asserts that it only sells exploits to governments for tracking criminals and terrorists. Richard Werner, a cybersecurity advisor at Trend Micro, points out that customers, including governments in Europe and North America, agree not to disclose these vulnerabilities.
Spyware Targets: Journalists, Dissidents, and Protesters
Despite NSO Group’s claims, spyware has persistently targeted journalists, dissidents, and protesters. Hanan Elatr, the wife of murdered Saudi journalist Jamal Khashoggi, was allegedly targeted with Pegasus before his death. New York Times reporter Ben Hubbard discovered his phone had been targeted twice with Pegasus in 2021.
Pegasus silently infiltrated the iPhone of Claude Magnin, the wife of jailed and allegedly tortured Moroccan political activist Naama Asfari. The spyware has also been used against pro-democracy protesters in Thailand, exiled Russian journalist Galina Timchenko, and even UK government officials.
Apple’s Legal Battle Against NSO Group
In 2021, Apple initiated a lawsuit against NSO Group and its parent company, seeking to hold them accountable for “the surveillance and targeting of Apple users.” The case is ongoing, with NSO Group attempting to dismiss the lawsuit. Experts believe the problem will persist as long as spyware vendors can operate.
The Human Factor Behind Spyware
David Ruiz, a senior privacy advocate at Malwarebytes, attributes the danger of spyware to “the obsessive and oppressive operators behind spyware, who compound its danger to society.”
Dealing with Spyware Infections
The Nuclear Option: Abandoning Hardware and Accounts
Experts advise that if you are targeted by a zero-click exploit delivering spyware, the best course of action is to completely abandon both the hardware and any associated accounts. Aaron Engel, chief information security officer at ExpressVPN, recommends getting a new computer, a new phone number, and creating entirely new accounts linked to the device.
Detecting Spyware: A Challenging Task
Javvad Malik, lead security awareness advocate at KnowBe4, notes that detecting spyware can be difficult. However, unusual behavior such as rapid battery drain, unexpected shutdowns, or high data usage could indicate some types of infections. While specific apps claim to detect spyware, their effectiveness varies, and professional assistance is often required for reliable detection.
4 Comments
Guess Apple’s impregnable fortress just found its Achilles heel, spyware invasion!
So Apple’s shiny armor is finally showing some cracks with spyware slipping through, huh?
Apple’s “unbreakable” security myth? Meet its nemesis: spyware.
Looks like Apple’s “walled garden” has some creeping vines of spyware now.