Apple fixes serious security flaw after UAE dissident’s iPhone targeted

Tech giant Apple has issued an urgent update to its iOS operating system – after boffins discovered a vulnerability that allows hackers to take control of smartphones with just ONE click.

The vulnerabilities, and the espionage software that exploits them, were discovered by researchers when the software was used on prominent United Arab Emirates human rights activist Ahmed Mansoor.

The malware, which the researchers linked to an Israeli company called NSO Group that was bought by the US private-equity firm Francisco Partners in 2014, was used to target journalists and activists in some cases, according to Citizen Lab. Mansoor forwarded the messages to Citizen Lab, which in turn identified the link as being hosted on the same domain believed to be used by an Israeli-based spyware company, NSO Group.

When he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he’d been targeted by a third.

Security vendor Lookout, which has been working with researchers from the University of Toronto’s Citizen Lab, has linked the three vulnerabilities it dubbed “Trident” to commercial spyware called Pegasus. The NSO Group sells a type of software that can invisibly hack into a person’s mobile phone, read text messages and emails, and track phone calls. If the victim clicks the link, the attacker gains easy access to almost everything on the iPhone.

NSO Group’s software took advantage of the iPhone and iPad security flaw to harvest personal information, listen to conversations through the device’s built-in microphone, and log locations via Global Positioning System.

Apple, which had been alerted to the vulnerability before Citizen Lab and Lookout went public with it, issued three security updates to patch the vulnerabilities.

According to the research firms, the latest discovery reveals how governments could digitally harass dissidents or people such as activists, journalists, and human rights workers.

The Pegasus software, one of the products offered by the NSO Group, was described as a “lawful intercept” spyware tool that is exclusively for government use. Working with Lookout, they confirmed his fears: Mansoor’s attackers would have been able to essentially take over his phone if he’d clicked. Francisco Partners had no immediate comment.

Moreover, Apple also recently started a bug bounty program which will pay $200,000 to researchers who find vulnerabilities in iOS.