He reported it to Citizen Lab, an internet watchdog, setting off a chain reaction that in two weeks exposed a secretive Israeli cyberespionage firm, defanged a powerful new piece of eavesdropping software and gave millions of iPhone users across the world an extra boost to their digital security.
Advertisement
How the hack was even detected is even more incredible: A human rights activist named Ahmed Mansoor, who has been a target of cyber-espionage in the past, received a odd text message that resembled software breaches he’d dealt with in the past.
To fix the holes, users can obtain a patch through a normal software update issued by Apple in their recent release of a patched version of the mobile software, i.O.S 9.3.5.
Citizen Lab researchers traced the rogue software to NSO Group, an Israeli company that makes software that can “secretly target a user’s mobile phone and gather information from it”. Earlier this month, it beefed up security efforts with its first bug bounty program, with awards up to $200,000 for security researchers for each software bug they find that compromises Apple products. Promising to reveal details about torture in UAE prisons, the unknown sender included a suspicious-looking link at the bottom of the message, but Mansoor didn’t bite.
The entire attack is detailed in a new report from security companies Citizen Lab and Lookout Security, who have received the link from Mansoor.
The Pegasus spyware can access mobile devices’ messages, calls, emails, Global Positioning System location, logs, calendar data, contact lists, passwords and other information from apps including Gmail, Facebook, Skype and FaceTime.
“I don’t think Apple devices are inherently any more or less secure than other vendors’ devices”, Grosfield said.
NSO Group denied any knowledge of this specific hack.
Advertisement
Security firm Lookout worked closely with Apple the moment the discovery was made and described it as “the most sophisticated attack we’ve seen on any endpoint”. Murray is the vice president of security research at San Francisco based Lookout, which focuses on mobile security, says a company is selling hacking software to governments.
