In a statement to USA TODAY Thursday, Apple said it immediately fixed the vulnerability upon learning of it. He had been the victim of spyware in the past and so forwarded the message to researchers at the University of Toronto’s Citizen Lab.
Advertisement
Two reports published Thursday by the San Francisco-based Lookout and internet watchdog group Citizen Lab outline how the spyware could compromise an iPhone with the tap of a finger, a trick so coveted in the world of cyberespionage that one spyware broker said past year that it had paid a $1 million dollar bounty to programmers who’d found a way to do it.
In response to a series of zero-day vulnerabilities, Apple yesterday released an update to the latest version of iOS 9.
NSO Group was acquired by USA firm Francisco Partners Management six years ago, according to Lookout and Citizen. Citizen Lab had been tracking the infrastructure behind the most recent exploit before receiving phishing links that matched a domain Citizen Lab had already been following.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements”, Citizen Lab wrote in a report released on Thursday.
Had he fallen for the ruse, the Trident chain of “zero-day exploits” would have broken into his iPhone and installed sophisticated spy software.
The tech company’s background, pieced together from industry reports, reflects the growing boom in cybersecurity firms that operate in a nebulous area: creating software and processes that break into encrypted devices for government entities.
The cyber attack on Mansoor was not linked to a specific government.
U.A.E. authorities did not comment on the matter.
Citizen Lab contacted Lookout, a San Francisco-based cyber security firm, to help verify the existence of the security breach.
Lookout and Citizen believe that the spyware has been “in the wild for a significant amount of time”.
The NSO tactics included impersonating sites such as the International Committee of the Red Cross, the British government’s visa application processing website, and a wide range of news organizations and major technology companies, the researchers said.
Advertisement
“It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android and Blackberry”. The version may not be safe from other vulnerabilities found by the Federal Bureau of Investigation, which did not disclose them to Apple. Citizen Lab has also found evidence that “state-sponsored actors” used NSO weapons against a Mexican journalist who reported on high-level corruption in that country and on an unknown target in Kenya.
