Toronto lab uncovers flaw in Apple devices that prompts worldwide update for users
TORONTO -- The latest iOS update is an urgent and important one for every Apple user worldwide whether they have a phone, computer or watch.
The tech giant has issued a security patch after Citizen Lab, based at the University of Toronto, uncovered a concerning flaw.
“That feels pretty good. That said, it’s also sobering because it highlights the sophistication of the problem we’re looking at,” John Scott-Railton, senior researcher at the lab, told CTV News Toronto Tuesday.
He said the team discovered a technique allowing spyware to access devices through what’s called the zero-click exploit, which allows someone to remotely hack and infect a device without the owner ever clicking on a link or ever knowing.
Researchers believe the spyware was developed by NSO Group, an Israeli technology firm, with products for governments to prevent crime and terror. Citizen Lab said they picked up on it while a Saudi activist was being targeted.
Researchers also say Apple had no idea about the flaw which means the company had to act right away.
“Today, the targets appear to be people like activists and other high value people. That said, there is nothing to prevent this company from doing what they want to do tomorrow, which is sell it to local governments and local police. That’s a pretty scary thought because we know there are problems with oversight,” Scott-Railton said.
Citizen Lab has been analyzing these types of digital threats from Toronto for years and has local students help with some of its projects.
“Make sure to update your phones but also remember what this update means. This means there is an industry out there that is unaccountable and finding ways to hack any phone in the world without any action on your part,” Scott-Railton said.
He warns while this flaw was caught, those behind the zero-click exploit are increasingly making the technology more sophisticated and dangerous.