Apple recently published an urgent update for iMessage to close a serious vulnerability identified by The Citizen Lab. This risk allowed for Pegasus spyware to infiltrate a users Apple device to compromise their messaging system and record them. According to the group, “We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.” Although the risk has been minimised, for now, Pegasus reminds us to stay vigilant about mobile security. If you don’t yet understand why mobile security matters, let’s explore.

What was Pegasus?

Pegasus was spyware that could get in through Apple OS to allow hackers access to your device. According to Healthcare IT News, “Pegasus spyware can turn on a user’s camera and microphone and record messages, texts, emails and calls. The zero-click capability allows such spyware to be installed without the user taking any action, such as clicking a link. According to Citizen Lab, the exploit targets Apple’s image rendering library and has been effective against Apple iOS, [macOS] and WatchOS devices. These attacks can cost users millions of pounds. Think about all the sensitive and personal information you discuss on a regular basis within the vicinity of your phone – much less directly through text message. Apple released an update to combat this particular attack, but new threats emerge all the time. And so it’s probably time to think about the security of your personal and work mobile phones. You can take steps to make them more secure and reduce your risk. Here’s how:

How to keep your phone secure

1. First, you should have a pin, face or fingerprint lock on your device. Change it often too. This is a must. 
2. Then you need to have automatic security updates enabled so that when vulnerabilities are identified, you can download them immediately. 
3. Invest in caller protection. According to Business Insider, “Apps like Burner and Firewall protect against hackers, pesky salespeople, and unwanted callers from having access to your phone.” 
4. Next, never connect your phone to a public port or power supply. This is because hackers can actually access your data via the USB charger. 
5. You may want to only download apps from the approved store for your phone and invest in a VPN. This can protect your network traffic from prying eyes. 
6. Lastly, enable a remote wipe feature. Prey Project states, “This ability enables you to remove any data from your phone, even if you no longer have the physical phone itself. It’s a great safety feature in case your phone is lost and you can’t find it. The process to set up remote wipe differs by device.” Here is a helpful guide. 
7. Oh, and never tell anyone your phone password- ever. That just goes without saying.

Want to know more about phone security? Need help with your mobile deployments? Let’s talk about that.