The rise of social engineering scams targeting mobile devices has been a cause for concern among many Singaporeans. While reports have highlighted Android as a vulnerable mobile operating system due to its ability to install unofficial applications. However, it does not mean that iPhone users are immune to other forms of intrusion.

“It often seems like Android devices are targeted more, but it is mostly because over 70 per cent of the world’s phones are Android-based,” said Jan Sysmans, Mobile App Security Evangelist at Appdome.

“Furthermore, the Android operating system is very open, and users can download apps from sources other than the official Google Play Store, which increases the likelihood of fraudulent or malicious apps,” he added.

In June of this year, Channel News Asia reported that “researchers at Citizen Lab discovered Pegasus, a spyware linked to the Israeli firm NSO, which exploited a vulnerability in Apple devices.”

---

What is Pegasus?

Pegasus is a powerful spyware that infiltrates and compromises device security. It exploits vulnerabilities to monitor and collect sensitive information, intercept communications, access personal data, and remotely control device cameras and microphones. It poses a serious threat to individuals, organisations, and governments, emphasising the importance of strong security measures against advanced threats.

---

Vulnerabilities in iPhones Exist

The Cyber Security Agency Singapore recently reported two vulnerabilities found in iOS devices. These vulnerabilities are the buffer overflow vulnerability and validation vulnerability. According to the report, exploiting these vulnerabilities could allow an attacker to execute arbitrary code on the affected products. This could result in unauthorised access or manipulation of the device’s functions or data.

Fortunately, Apple consistently addresses urgent matters promptly through updates. It is important for all mobile users to regularly update their devices, and for organisations to enhance their cybersecurity efforts.

Jan advises, “Always update to the latest version of the operating system right away and don’t click on links sent by people you do not trust.”

He emphasises, “It should be noted that advanced malware can hide in the device and monitor the device in the background for an opportunity to attack – this would be when the user accesses their mobile banking application or other private information on their device. Most consumers will not be able to detect malware hiding in their device and we must assume that most devices already have malware. Hence, in light of more sophisticated attacks methods, organisations need to step up to protect their consumers.”