The target of the attack was a human rights activist in the Middle East but experts say all iPhones are vulnerable. Mansoor received a text message on his iPhone 6 that invited him to click on a web link. Used in tandem, the exploits allow a hacker to hijack an iOS device and control or monitor it remotely.
Advertisement
Researchers at a mobile security firm named Lookout, based in San Francisco, discovered a, “sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities”, called “Trident“.
The flaws have been fixed in iOS 9.3.5 and CitizenLab has published a breakdown of the vulnerabilities to coincide with the security patch. No stranger to hacking attempts, the well-known dissident forwarded the messages to a researcher at Citizen Lab in the University of Toronto’s Munk School of Global Affairs.
Promising that it will send out an alert any time a new update is available, Lookout recommended all iPhone users update their devices to the latest version of iOS immediately. The hacker could then read texts and emails, and track calls and contacts. Those text messages were created to mimic the types of message a user might receive from a legitimate site, said the security researchers.
Jailbreaking is the practice of manually removing some of the software restrictions Apple builds into the iPhone, enabling those who do it to install apps from any source rather than just the App Store.
According to the Associated Press, the NSO Group issued a statement that “stopped short of acknowledging that the spyware was its own”, saying that its mission was to provide “authorized governments with technology that helps them combat terror and crime”. The company is based in Israel, but is reported to be owned by a USA venture capital firm.
Advertisement
“We advise all our customers to always download the latest version of iOS to protect themselves against potential security exploits”, a spokesman told AP. Once the update has been found, users may be prompted to input their device’s security code before downloading it.
