Houston - A warning for anyone with an iPhone, iPad, or Mac laptop. Cyber experts have discovered they are vulnerable to a new way that hackers can attack when you're using public Wi-Fi hot spots.
Pegasus spyware has evolved from infecting phones with spear-phishing, where you might click on a malicious link in an email, to what's called a "Zero-click" attack.
That means the hacker gets access to your phone or device without you doing a thing.
"They found that if someone changed the name of Wi-Fi hot spots, any kind of WiFi hot spots, to include a bunch of percents signs and letters, that it would completely disable the Wi-Fi on that phone," said James Meadows, III, a cybersecurity expert and instructor at Rice University.
"Then in the last few days, we learned this not only affects iPhones, but it also affects iPads and Mac laptops," said Meadows.
It's a big concern for anyone working remotely or traveling, because hackers can create Wi-Fi hot spots to look like a restaurant's or hotel's Wi-Fi name, hiding the malicious code in a second line that you don't see.
"An attacker could put the name, then do a ton of spaces until they get to the second line, and then put the malicious code in there and you'd never see it. It would look like perfectly normal Wi-Fi," explained Meadows.
CLICK HERE FOR MORE SULLIVAN SMART SENSE
Then they can start stealing personal and financial information off of your phone.
"They could browse to get you to open programs, get you to browse websites," he said. "They could see your emails and messages. They can do pretty much anything they want."
Apple is expected to come out with a fix in the iOS 14.7 update, so be sure to update your devices. And back up the data on your phone.
To protect yourself, avoid connecting to Wi-Fi networks with percent signs in their names, or to public Wi-Fi networks.
"Make sure you talk to the employees and or check around for signs and things like that to know exactly what is the correct Wi-Fi to be connecting to," said Meadows.
And here is the best way to avoid accidentally signing on to a hacker's hot spot: disable the auto-join feature on your device. Go to "Settings," "Wi-Fi," "Auto-Join Hotspot," "Never."