Apple prides itself on its security, and promises on its website that the iPhone’s built-in security features help prevent anyone but the user from accessing the data on the phone.
On September 14, Apple launched the iPhone 13. Around 5 weeks after this launch, two separate hacker teams at a Chinese hackathon event broke into the iPhone 13 Pro, running the latest iOS 15.0.2. One of the teams had complete control of the phone’s systems in literally one second.
Now, fortunately, this was an entirely legal and above-board event, and these teams will be in touch with Apple to explain how they found these exploits, which should be patched by the next iOS update.
In fact, most big tech companies like Apple and Google have their own ‘bug bounty’ programs where they hand out cash prizes for developers who can point out exploits to the company, without publicly disclosing this information.
However, this does prove that it is at least technically possible to hack into what is considered the most secure smartphone, through a method that doesn’t involve much fault on the user’s part.
What kinds of hackers are there?
There are, broadly, two kinds of hackers - white hat and black hat. While black hat hackers try and break into servers, computers, and phones for malicious reasons, like stealing data, or extorting money, white hat hackers are different.
Black hat hackers don't need to attend hackathons to try and find ways to break into computers and phones for nefarious purposes. They can do it from any remote location in the world, and their activities are usually aimed at extorting money from an organisation or individual, but can also be used for spying.
Earlier this year, a group of news organisations across the globe published information that a spyware called Pegasus, developed by Israeli agency NSO, was used to spy on politicians, journalists, and activists across the globe. Pegasus was a zero-click hack, meaning that it could infect a phone and have complete access to all device systems, including seeing all files, being able to read anything the user types, and being able to access the camera and microphone feeds at all times. It worked across the latest Android and iOS devices.
Now, spyware like Pegasus is extremely expensive to obtain, partly because it is so rare. This means that it still remains highly unlikely that your phone in particular has been infected by spyware which is this advanced. But it remains theoretically possible.
So, how can you keep yourself safe from hacks like these? How do you make sure you’re not hacked?
Well, you really can’t. When an exploit is found, depending on the intentions of the hacker who found it, it is usually relayed to the tech company, who issue a fix. If this exploit is a zero-click, like Pegasus was, it does not require you to do anything wrong in order to infect your phone. So there’s really nothing you can do right, to prevent this sort of thing.
But there are still a lot of steps you can take to be more secure online, with more common forms of spyware and malware, so let’s go through those.
How to stay safe online
Firstly, always keep all your devices updated to the latest available software, including your phone and your laptop or desktop computer. I know frequent updates are annoying, but it’s important to always be running the newest software. If a fix for attacks like Pegasus is released, it can only be downloaded to your phone through a system update. So, if you see that an update is available, don’t wait, do it now.
It is possible to protect yourself from less advanced attacks through your own diligence. Be careful and second guess everything you see on the internet, or get in an e-mail or text message. If you get a text offering you the latest WhatsApp gold version with extra features, or an e-mail saying that a long-lost relative has died and left you millions in inheritance, don’t believe it immediately. If a claim sounds too good to be true, it often is. It’s always best to google offers and claims like this to see if they are spyware, or check if the sender is confirmed to be an organisation or someone impersonating them.
Another very important step is to make sure you don’t use the same password for everything. It’s really hard to remember lots of different passwords, but re-using the same password means that if one of your accounts gets hacked, you also lose access to all other accounts and services. Using a unique password for every separate account you have can be tedious, but it’s an absolute must if you want to be more secure, and safeguard yourself from attacks. You can also use a password manager app to help you remember different passwords.
Also watch: Explained: What is Pegasus spyware, how it works, should you worry?
In the times we live in, it’s important to remember that your data is never truly safe. In the days of zero-click and zero-day attacks, theoretically it is always possible that someone could hack into your phone without you knowing. But what you can do is lower the chances of this happening, and make sure that you’re as safe online as you can be.
