Israeli firm linked to hacks of UAE activist's iPhone
26 Aug 2016
An Israeli company named NSO Group is said to be behind the tools that were used in a hacking attempt on a human rights activist in the United Arab Emirates, however details of the ultra-secretive company are not known.
The NSO Group that ells sophisticated hacking tools to governments, defence forces and intelligence agencies, keeps a low profile, changing its name on a regular basis.
According to commentators, that profile is likely to be raised following the in-depth research conducted by Lookout Security and Citizen Lab's Bill Marczak and John Scott-Railton, who exposed a major iOS security flaw that allowed an attacker to take full control of an iPhone using nothing more than a text message.
The activities of the company came to light after Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognise on his iPhone.
''New secrets about torture of Emiratis in state prisons," read the intriguing message, which was accompanied by a link.
The message raised Mansoor's suspicion as he had earlier been the victim of government hackers. He did not click the link but sent the message to Marczak.
It turned out that the message was not what it purported to be and the link did not lead to any secrets, but to a sophisticated piece of malware.
The malware exploited three different unknown vulnerabilities in Apple's iOS operating system which would have allowed the attackers to gain full control of Mansoor's iPhone.
This comes as the first time anyone had uncovered an attack of the kind. Until this month, there had been no instance of an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which was essentially a remote jailbreak of the iPhone, could be worth as much as $1 million according to experts.
The researchers alerted Apple which rolled out an update yesterday to fix the vulnerabilities.
.webp)
