Apple has issued a global update of its iOS mobile operating system after a botched attempt to break into the iPhone of an Arab activist using spyware.
Advertisement
“We realized that we were looking at something that no one had ever seen in the wild before”, said Mike Murray, a researcher with Lookout, in an interview with Motherboard.
Apple has released a security patch for iOS, following reports an Israeli security firm used a set of security loopholes for surveillance purposes. But the spyware highlights how even companies with strong security reputations struggle to compete with a robust market for hacking tools.
A human rights activist nearly fell victim to a spyware attack on his iPhone, which could have given hackers free reign to his personal data, eavesdrop on calls, activate his phone camera and much more.
Apple told various U.S. media outlets that it fixed the vulnerabilities as soon it learned about them.
“I’m a regular target for the authorities here”, said Ahmed in The Washington Post.
It’s unlikely that any of the exploits reached iOS end users, since they were caught by researchers and Apple. According to their reports, the hackers send targets a text message containing a link. All of Mansoor’s passwords on the apps installed on his iPhone would also have been exposed to the attackers. The messages asked him to click on a link, promising to tell him new secrets about prisoners being tortured in UAE jails.
The UAE’s embassy didn’t immediately respond for comment. Based on Citizen Lab’s report, it appears that the group was primarily targeting human rights activists and journalists. The researchers were able to track a network of sites serving as infection vectors for the malware, some that used web addresses created to trick users into thinking they are legitimate sites. But instead of clicking, he forwarded the message to researchers at the University of Toronto’s Citizen Lab.
You can do this by going into the Settings menu on your Apple device, tapping “General”, tapping “Software Update”, and if there is an update available, tapping “Download and Install”.
Advertisement
The secretive company NSO Group maintains little web presence and keeps deliberately a low profile.
