Jim Fisher

All the major news outlets were ablaze this past week over the discovery of a security risk concerning iPhone users. If you only read the headlines, you’d believe that your phone was being hacked by criminals who could access everything on your phone. Scary, huh?  I often call out news agencies for overhyping security threats and this one is no exception. Sure, this is a serious threat, but only if you are an international criminal or innocent journalist trying to expose corruption, and only if you live in countries outside the USA.  But this is news because iPhones are touted as the most secure devices on the planet and this new security risk puts a dent in that reputation. So what’s really going on here?  Should you be concerned?  What do you need to do to protect yourself?  Let’s learn about this together, shall we?

A software tool called Pegasus was developed years ago by a company in Israel called NSO Group. The software is licensed only to vetted government entities and is considered a military-grade hacking service. Using Pegasus, government agencies are able to infect phones with “zero-click” texts through iMessage, meaning the target user doesn’t even have to interact with the text to have their phone breached. This software is licensed only for use against terrorists, child sex traffickers and other notorious criminals.  Attacks like this are highly sophisticated, cost millions of dollars to develop, and have a short shelf life because the attacks are usually discovered by device manufacturers who issue software patches to thwart the attacks. It’s been a never-ending cat and mouse game for years.

The attack begins with a malicious link in an SMS text message or an iMessage. In some cases, a user must click on the link to start the infection. In some cases, users won’t even receive a notification. Once compromised, Pegasus can read anything on a device that a user can, while also stealing photos, recordings, location records, communications, passwords, call logs and social media posts. It can also activate cameras and microphones for real-time surveillance.

This is awfully scary, right? Well, no. This actually isn’t news at all. Our own National Security Agency is already known to have similar capabilities so the US government has no need for Pegasus. But other less-capable countries have employed Pegasus to spy on journalists and other “innocent” people which goes against the rules of the company that developed Pegasus.

So the biggest concern you should have is that this software has evidently been used by governments to squash democracy and spy on journalists who are doing their job to expose government overreach and corruption in some countries.

So what can you do to protect yourself? The first thing is to not become a terrorist or high-level criminal. The next thing you can do is not a darn thing. No device will ever be 100% secure but this particular threat isn’t a threat to you.

Jim Fisher owns Excel Computer Services in Florence. Reach him at www.ExcelAL.com