iPhone Spyware Flaw Unfolds

Apple’s most recent iOS operating system was found to have software flaws that made it incredibly easy for a hacker to install spyware on a victim’s device. According to security experts, the security breach could be set in motion simply by tricking a target into clicking on a link.

apple2The vulnerability was discovered when a human rights lawyer alerted security researchers that he was receiving unsolicited text messages. The researchers ultimately isolated three previously unknown flaws within the most recent version of Apple’s iOS, a discovery which has already resulted in Apple’s release of a software update that patches the vulnerabilities.

The security researchers were employees of two different firms: Citizen Lab and Lookout. Both firms held back on announcing the discovery until Apple had issued the new update.

The text messages received by human rights lawyer Ahmen Mansoor were sent on August 10th and 11th. The texts promised Mansoor that if he clicked the links, he would be able to access “secrets” regarding people being allegedly held and tortured in the United Arab Emirates’ jails.

According to Citizen Lab, had Mansoor clicked on the links, his iPhone 6 would have become jailbroken and unauthorized software would have been installed on his device.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages send in mobile chat apps, and tracking his movements,” Citizen Lab explained. “We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.”

Lookout called the malware “the most sophisticated spyware package we’ve seen.”

“It takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile- always connected (wi-fi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords and contact lists.”

apple3Researchers have attributed the bug’s creation to an Israeli cyber-war company called the NSO Group. NSO then issued a statement confirming that it creates technology to “combat terror and crime” but denying that it was responsible for the spyware.

Previously unknown vulnerabilities that are readily exploitable in a product’s hardware or software are called “zero-day flaws.” According to Professor Alan Woodward, for a zero-day to be found in the software of something so widely used is “rather rare.”

“To have several found at once is even rarer. As can be seen from how these have been exploited to date, it represents a serious threat to the security and privacy of iOS users,” he continued.

“Apple has been remarkably responsive in providing fixes for these issues, so I would encourage any iOS users to update to the latest version of the operating system.”

While the flaw reveals the intimidating reality of sophisticated hackers with political agendas, the response made by the wary target, security researchers and Apple demonstrate the responsibility and capability of people set on countering cyber crime.

Leave a Reply