After human rights activist, Ahmed Mansoor, received a text from an unknown number promising to expose “secrets” about people undergoing torture, he became suspicious.
The random link had the power to infect Mansoor’s phone, effectively creating a digital spy. The spyware invading Mansoor’s phone has been deservedly named a “one tap” attack because it only requires victims to click on one link to become infected.
Once infected, the hackers have access to an iPhone’s camera and microphone to reach activity in the vicinity of the device and are able to intercept every call and text message.
The hackers have access to all e-mails, contacts and FaceTime calls. Essentially, the attackers have open access to every communication mechanism on the phone—the Facebook app, Skype, WhatsApp, Viber, WeChat, Telegram and more, including all messages.
Besides just stealing communicative data, the malware also constantly updates GPS information and sends it to the command and control server, steals credentials from every Wi-Fi network the user has connected and grabs stored Apple router passwords.
Despite the magnitude and severity of this attack, it is likely that most users will not be affected given the sophisticated and targeted nature of this malware. However, Apple users should immediately update their device to iOS 9.3.5, which blocks the attack.
Jenny Lewis is an associate at Nixon Peabody, a global law firm specializing in complex challenges in litigation, real estate, corporate law and intellectual property anywhere in the world. Read more Nixon Peabody blogs here.