The researchers have already informed Apple about the exploits, and iOS version 9.3.5 – which was released on Thursday – fixes the issues.
Advertisement
A human rights activist nearly fell victim to a spyware attack on his iPhone, which could have given hackers free reign to his personal data, eavesdrop on calls, activate his phone camera and much more.
Citizen Lab has pointed the finger at NSO Group, the makers of a software product called Pegasus which, the company says, is designed for “lawful interception” of data by governments.
Mansoor received text messages on Aug 10 and 11 promising that secrets about detainees being tortured in UAE jails could be accessed by clicking on an enclosed link, researchers said.
The security flaw was discovered by Citizen Lab and Lookout who have revealed that the flaw was used to install spyware on devices, it was apparently used by government hackers.
Mike Murrary, a researcher with Lookout, described the program as “the most sophisticated spyware package we have seen in the market”. After analyzing the code, Citizen Lab has concluded that the hacking software was code written by NSO, a company based in Israel and specialized in hacking software which is sold to governments in a highly regulated fashion according to the company, which denies any link to this attack.
The flaw lets the hacker break into an iOS device and spy on information gleaned from the victims’ apps such as Facebook, WhatsApp, FaceTime, Gmail and Calendar, the post said.
Mr Mansoor is a prominent human rights defender in the UAE and has faced various cyber attacks in the past.
iPhone and iPad users are being advised to update their software immediately after an attempt to hack into phones using “the most sophisticated software” the company has ever seen.
To protect your iPhone against this flaw, you need to make sure you’re running the latest version of Apple’s operating system – iOS 9.3.5. If Mansoor had followed the link, it would have jailbroken his phone on the spot and implanted it with malware, capable of logging encrypted messages, activating the microphone and secretly tracking its movements.
As for NSO Group, the organization is staying mostly mum on their actions.
Advertisement
In particular, Pegasus exploits three iOS vulnerabilities, which are being called the “Trident”. If Mansoor clicked on these links, hackers would have been able to remotely access his device.
