Update your iOS 9.x Devices Now!

What kind of "security" company doesn't maintain a web presence?

Dr. Mac’s Rants & Raves
Episode #190

I don’t usually write about Apple’s minor operating system updates because they’re generally boring and of little interest to either of us. But, if you’re using an iPhone, iPad, or iPod touch, you need to update to iOS version 9.3.5 without delay.

I’ll tell you how to do that in a moment, but first let me tell you why it’s vital to do so immediately. Last week a mobile security company (Lookout) and the advanced research laboratory at the Munk School of Global Affairs, University of Toronto (Citizen Lab), released details of a sophisticated, targeted, and persistent mobile attack on iOS devices. The big deal is that this attack can jailbreak an iOS device without the user’s knowledge and collect information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, and more.

Update Immediately

That’s some scary stuff, but Apple released a fix—iOS update 9.3.5—almost immediately. And while it’s unlikely you are currently infected with the exploit known as Trident, you should update your iOS device to version 9.3.5 immediately. To do that, tap Settings—>General—>Software Update. If the 9.3.5 update is available—as shown below—install it without delay.

If this update is available, you'd be wise to install it ASAP.
If this update is available, you’d be wise to install it ASAP.

A Shady Organization?

Now that your iDevices are safe and sound once again, here’s what bugs me about the whole affair. Lookout (the mobile security company) claims Trident is installed via a commercial spyware product called Pegasus, and a Citizen Lab investigation indicates Pegasus was developed by a shadowy organization known as the NSO Group.

After several hours of internet surfing, all I can tell you for sure about NSO Group is that they have no web site, an extremely generic LinkedIn profile, and were virtually invisible on the internet until last week.

What kind of "security" company doesn't maintain a web presence?
What kind of “security” company doesn’t maintain a web presence?

Commercial spyware: For sale to the highest bidder?

That’s scary. I knew there were so-called “zero-day exploits,” that could, at least in theory, compromise your iDevice’s integrity and security. But I never heard of one found “in the wild” before. And I always thought such exploits were created by a small cadre of scammers or black-hat hackers with nothing better to do. Finding out that there is a company that apparently sells spyware that breaches iOS security to foreign governments for millions of dollars… well, let’s just say that blew my mind.

I love a good conspiracy theory and this one’s as good as any. But I don’t have all the facts and don’t think I ever will. All I can tell you is that I am pretty sure the NSO Group is a real entity that sold spyware to more than one foreign government before it got caught. We’ll just have to wait to see how things shake out.

In the meantime, I urge you to update all of your iOS devices immediately and hope this is the last time I have to write a column like this.

And that’s all he wrote…

One thought on “Update your iOS 9.x Devices Now!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.