Government Hackers Caught Using Unprecedented iPhone Spy Tool
A very interesting advance in malware, described in Motherboard by Lorenzo Franceschi-Bicchierai:
On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone.
“New secrets about torture of Emiratis in state prisons,” read the tantalizing message, which came accompanied by a link.
Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team, was suspicious and didn’t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.
As it turned out, the message wasn’t what it purported to be. The link didn’t lead to any secrets, but to a sophisticated piece of malware that exploited three different unknown vulnerabilities in Apple’s iOS operating system that would have allowed the attackers to get full control of Mansoor’s iPhone, according to new joint reports released on Thursday by Citizen Lab and mobile security company Lookout.
This is the first time that anyone has uncovered such an attack in the wild. Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars. After the researchers alerted Apple, the company worked quickly to fix them in an update released on Thursday.
The question is, who was behind the attack and what did they use to pull it off?
It appears that the company that provided the spyware and the zero-day exploits to the hackers targeting Mansoor is a little-known Israeli surveillance vendor called NSO Group, which Lookout’s vice president of research Mike Murray labeled as “basically a cyber arms dealer.”
The researchers at Citizen Lab and Lookout were impressed by this new, never-seen-before, type of malware.
“We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyberespionage software we’ve ever seen.” . . .
Continue reading. And do read the whole thing. Later in the article:
. . . NSO’s malware, which the company codenamed Pegasus, is designed to quietly infect an iPhone and be able to steal and intercept all data inside of it, as well as any communication going through it.
“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.” . . .