image

Business Insider

Most of the world’s iPhones can still be hacked with just a text

Eighty-six per cent of iOS users are still vulnerable to impossible-to-detect software which can activate cameras and microphones, track movements, and log messages

PUBLISHED : Tuesday, 30 August, 2016, 6:49am
UPDATED : Tuesday, 30 August, 2016, 12:01pm

More than 86 per cent of Apple iPhones in the world are apparently still vulnerable to a security flaw that allows a hacker to completely take over the device with just a text message, according to data from mobile and web analytics firm MixPanel.

A surprising number of people have not yet updated the iPhone's mobile operating system — despite an urgent warning to do so coming from Apple last week — in light of a major security problem the company was forced to correct in iOS 9.3.5.

According to MixPanel's report, which relies on partners sharing the version of iOS people are using to download their apps, only about 11 per cent of users have updated to the latest version of iOS, while about 2 per cent of people are on the beta version of iOS 10, which is also protected from the security issue.

That means more than 86 per cent of iOS users are still vulnerable to a malicious tool called "Pegasus," an impossible-to-detect software that can hack an iPhone using nothing more than a text message. 

Apple's developer website, which was last updated on August 15, said 13 per cent of users were using a version of iOS 8 or earlier. The website does not break out individual builds, so it's unclear what version of iOS 9 the other 87 per cent reported are using. A spokesperson for the company declined to offer more specifics.

Anything below the latest version, 9.3.5, is vulnerable to this kind of attack.

Researchers Bill Marczak and John Scott-Railton of Citizen Lab worked with Lookout Security to discover and document the flaw, which was disclosed last Wednesday. It allows an attacker to install sophisticated spying tools that can activate a person's camera and microphone, track their movements, and log all messages.

They called it a "Trident," since it used three "zero-day" vulnerabilities — bugs that were unfixed and unknown — which Apple had to scramble to fix. The researchers disclosed the problem to Apple before publishing their findings, and the company issued an urgent update to iOS.

People who install Apple's new iOS 9.3.5 version will no longer be vulnerable to this issue, and the company is urging all its users to immediately update. 

You can update your iPhone by going to Settings > General > Software Update.

See Also:
Update your iPhone now to avoid a major security flaw that takes over your device
Inside 'Pegasus,' the impossible-to-detect software that hacks your iPhone
There's a major security flaw in Apple's iOS