April 27, 2024

Sly attack. Hackers attack iPhones via the Calendar app

Calendar invite brought malware with it.

A new spyware campaign by a spyware company has been detected. It is reminiscent of previous targeted attacks on iPhone users.

No time? Blue News sums it up for you

  • Spyware exploited a vulnerability in the iOS Calendar app.
  • The victims were unaware of the attacks, and their iPhone was completely taken over.
  • The hole is now closed, but the spyware company may have new attack vectors.

The spyware was able to infect iPhones via invisible calendar invitations. The attacks now revealed occurred between January and November 2021 and used a previously unknown iOS 14 vulnerability, as Microsoft and the human rights organization Citizen Lab report.

The attack started with an invitation to an event dated before the invitation was sent. As a result, it was automatically inserted into the recipient's iOS calendar without the recipient noticing. The infection then proceeded in the background.
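
For defenders triaging exported calendar data, the trait described above (an invitation to an event dated before the invitation itself) can be checked mechanically. The following Python code is an added example, not code from Microsoft, Citizen Lab or Apple. It assumes the invitation is available as iCalendar (.ics) text, treats the DTSTAMP field as the send date, handles only UTC timestamps, and runs on a constructed sample.

```python
from datetime import datetime, timezone
# Constructed sample: the first invitation is dated before it was sent.
SAMPLE_ICS = """BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
UID:constructed-1@example.invalid
DTSTAMP:20210301T120000Z
DTSTART:20200101T090000Z
DTEND:20200101T100000Z
END:VEVENT
BEGIN:VEVENT
UID:constructed-2@example.invalid
DTSTAMP:20210301T120000Z
DTSTART:20210305T090000Z
END:VEVENT
END:VCALENDAR
"""

def unfold(text):
    """Undo RFC 5545 folding: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_utc(value):  # UTC form YYYYMMDDTHHMMSSZ only; any other form gives None
    try:
        return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def backdated_invites(text):
    """Return UIDs of events whose end (or start) precedes their DTSTAMP."""
    flagged, event = [], None
    for line in unfold(text):
        key, _, value = line.partition(":")
        if line == "BEGIN:VEVENT":
            event = {}
        elif line == "END:VEVENT" and event is not None:
            sent = parse_utc(event.get("DTSTAMP", ""))  # assumption: DTSTAMP = send date
            when = parse_utc(event.get("DTEND") or event.get("DTSTART", ""))
            if sent and when and when < sent:
                flagged.append(event.get("UID", "<no UID>"))
            event = None
        elif event is not None:
            event[key.split(";")[0].upper()] = value  # drop parameters such as ;TZID=...
    return flagged
```

Backdated invitations also occur legitimately, so a flagged UID is a lead for closer review, not proof of compromise.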

Unrestricted access to iPhone

This gave the attackers virtually unfettered access to the iPhone. They could read data, listen to phone calls, and activate the camera and microphone unnoticed. The spyware also had a self-destruct mode that was supposed to make detection much more difficult.

However, Microsoft and Citizen Lab were able to identify those responsible for the spyware. It is the Israeli company QuaDream, which sold the software, called "Reign", to various governments, which in turn mainly targeted journalists and members of the opposition.

New attacks possibly in the planning

This business model is almost identical to that of the Israeli spyware company NSO Group, which exposed iOS and WhatsApp to authoritarian states and was subject to US sanctions for doing so. In fact, two former NSO employees were among the founders of QuaDream.

There are also significant overlaps in terms of clients. QuaDream has been used in Hungary, Ghana, Mexico, Israel, the United Arab Emirates, and Uzbekistan, among other countries.

Apple has now closed the vulnerability, so this attack method can no longer be used. However, Microsoft suspects that QuaDream is exploiting previously unknown vulnerabilities for new attacks.