Companies that supply their workers with mobile devices may want to take extra efforts to ensure workers are aware of and avoid typical types of exploits like unsolicited links.
Advertisement
The malware, which as per the researchers, originated from an Israeli company called NSO Group that was bought by the USA private equity firm Francisco Partners in 2014, was used to target journalists and activists in some cases, according to Citizen Lab, a group focused on the intersection of technology and information security.
The reason for this shift, Blancco explained, was because software updates released by Apple have caused more iPhone 6 devices to fail.
Researcher worked out with San Francisco based mobile security firm Lookout and found that a “sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call ‘Trident”, which some have valued up to $1million. Working together with security firm Lookout, Citizen Lab discovered a sophisticated piece of malware hidden in links contained in the message to Mansoor, which would have compromised his phone just by clicking on them.
iOS 9.3.5 was pushed out on Thursday after security company Lookout and watchdog Citizen Lab informed Apple about a spyware threat that takes advantage of three previously unknown vulnerabilities in the iOS code.
Researchers attributed the attack software to a private seller of monitoring systems, Israel’s NSO Group.
This could have included using the iPhone’s camera and microphone to record activity in the device’s physical vicinity, as well as physically tracking its location.
For nearly every iPhone owner on the planet, their only connection with the “Pegasus” spyware will be in the form of a critical iOS update which Apple issued late yesterday evening. They alerted Apple about the spyware.
Advertisement
The messages promised to reveal secrets about people allegedly being tortured in the United Arab Emirates’ jails if he tapped the links. Earlier this year, exploit broker Zerodium offered and awarded a $1 million bounty or remote jailbreaking capabilities. “Specifically, the products may only be used for the prevention and investigation of crimes”.
