Latest Apple Hack Leaves Users Open to Spyware
You may have recently heard about the extremely important update being pushed out to Apple iOS devices (iOS 14.8). You may have heard terms like zero-click, Pegasus, or zero-day. So how do you find out whether you have been hacked, and is it even detectable? There are some things you can do to protect yourself.
A zero-click vulnerability does what it says: it allows an attacker to force your system to install software without user interaction. This could be devastating if you rely on your phone like most people do. So how do you protect yourself?
First, you should keep an eye on the performance of your device. Has it suddenly started running sluggishly? Does it take a long time to start up or shut down? Is your battery running down quicker than ever? This could be an indicator that the system is doing work in the background that you need to be aware of. You should also monitor the top right-hand corner of your Apple device. An orange dot means something is using the microphone on your phone, and a green dot indicates something has accessed the camera and/or microphone.
Other indicators of compromise could include weird popups, pornographic content being displayed without your request, and new applications appearing that you did not install. Oftentimes these odd applications will look like calculators, music apps, or even masquerade as other popular applications, but will be capable of intercepting requests and causing you harm.
Technologically literate users could also connect their phone to a WiFi network and use a tool like Wireshark on the network to monitor requests and connections. You can then filter that data, list every URL and IP address the phone connected to, and attempt to discover whether inappropriate communication is happening. This research requires a higher level of skill and technical acumen but would be the most accurate method of discovering if someone is exploiting your device.
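A sketch of that filtering step, as an added example that is not from the original article: it reads Wireshark's command-line (tshark) field export and lists the hostnames and destination IPs one phone contacted that you did not expect. The phone's IP address, the expected-domain suffixes, and the sample rows are constructed assumptions.

```python
from collections import Counter

# Assumed export, run on a capture taken on your own network:
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst
#          -e dns.qry.name -e tls.handshake.extensions_server_name
# Constructed sample rows (tab-separated): src, dst, DNS query name, TLS SNI.
SAMPLE = "\n".join([
    "192.0.2.10\t192.0.2.1\tgateway.icloud.com\t",
    "192.0.2.10\t198.51.100.7\t\tgateway.icloud.com",
    "192.0.2.10\t192.0.2.1\tupdates.unknown-host.example\t",
    "192.0.2.10\t203.0.113.50\t\tupdates.unknown-host.example",
    "192.0.2.10\t203.0.113.50\t\t",
    "192.0.2.10\t203.0.113.99\t\t",
    "192.0.2.1\t192.0.2.10\tgateway.icloud.com\t",
])

# Assumption: domain suffixes you expect this phone to use; adjust to your apps.
EXPECTED_SUFFIXES = ("apple.com", "icloud.com")


def is_expected(name):
    """Match on a label boundary so 'noticloud.com' does not pass as icloud.com."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in EXPECTED_SUFFIXES)


def summarise(rows, phone_ip):
    """Return (unexpected hostname counts, packet counts to IPs never given a TLS name)."""
    unexpected, sni_ips, dst_packets = Counter(), set(), Counter()
    for line in rows.splitlines():
        src, dst, dns_name, sni = (line.split("\t") + [""] * 4)[:4]
        if src != phone_ip:
            continue  # keep only traffic the phone itself sent
        if sni:
            sni_ips.add(dst)  # this destination identified itself by name
        if not dns_name:
            dst_packets[dst] += 1  # non-DNS traffic to this destination
        # tshark joins multiple values of one field with commas
        for name in filter(None, (dns_name + "," + sni).split(",")):
            if not is_expected(name):
                unexpected[name.lower()] += 1
    unnamed = {ip: n for ip, n in dst_packets.items() if ip not in sni_ips}
    return unexpected, unnamed


if __name__ == "__main__":
    names, ips = summarise(SAMPLE, "192.0.2.10")
    print("Hostnames outside the expected list:", dict(names))
    print("Destination IPs with no TLS server name:", ips)
```

Anything this lists is a lead to look into, not proof of compromise: ordinary apps contact many third-party hosts, so the expected list needs tuning for the device being checked.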
Students at the University of Advancing Technology are provided in-depth training on tools like Wireshark early on in their education and given the skills necessary to identify many types of harmful traffic. The technological adversary of today and tomorrow is skilled, motivated, and working hard to cause harm. It is our job to do all we can to protect others and ourselves from these kinds of threats.
However, the vast majority of users do not need to panic about these types of attacks. Serious attacks are rare, targeted, and intended for high-value targets related to oppressive governments and big businesses. Methods to protect yourself will depend on the attack used. Some malware is removed by simply hard restarting your device. Other malware is more insidious and can survive an imaging of the device by adding itself to your automatically downloaded applications. If you do discover someone has added something to your device, use iCloud to roll back the phone and then take time to change passwords on your accounts. If you’re still having issues, communicate concerns with the device manufacturer as well.