Subscribe
First Look

How a human rights activist sparked an iPhone security update

After an activist's iPhone was targeted with revolutionary spyware, Apple fixed all three 'zero day' flaws and built the patches into iOS 9.3.5.

  • close
    The Israeli NSO Group software company had offices in this building, seen Aug. 25 in Herzliya, Israel, until few months ago. A botched attempt to break into the iPhone of a UAE activist using hitherto unknown espionage software has trigged a global upgrade of Apple's mobile operating system, researchers said Thursday.
    Daniella Cheslow/AP
    View Caption
  • About video ads
    View Caption
of

A trio of previously unknown weaknesses in Apple's iOS security were unearthed when a human rights activist from the United Arab Emirates (UAE) received a malicious text message from what turned out to be an Israeli spyware firm, NSO Group.

Ahmed Mansoor, whose human rights work has caused him to be targeted by his government in the past, suspected he should not click the link in a text he received August 10, which claimed to lead to information about torture in UAE prisons. Instead he brought it to the attention of the internet watchdog group Citizen Lab, which turned to mobile security company Lookout for help picking apart the spyware.

"It is amazing the level they've gone through to avoid detection," Mike Murray, a vice president at Lookout, told the Associated Press. The software designers installed "a hair-trigger self-destruct," he said.

Recommended:Opinion 4 ways US can boost cyber security

It took the security experts two weeks to pick apart the software, which would have allowed the NSO Group, or whoever bought the software from them, to read Mr. Mansoor's text messages and emails, track his calls and contacts, record sounds around him, collect his passwords, and track his location.

"The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations," NSO Group spokesperson Zamir Dahbash told The New York Times, adding that they have no control over how the software they design are used.

In an impressively quick turn around, Apple fixed all three flaws exposed by Citizen Lab and Lookout in just 10 days, and released an iOS 9.3.5 update that included the new security updates.

"We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits," said Fred Sainz, an Apple spokesman, according to the Times.

Finding one, much less three, "zero day" security flaws is a rarity: the term refers to the fact that Apple did not know about them previously, and therefore had zero days to patch them. Security holes of this kind are incredibly valuable to spy agencies and law enforcement networks: last year, security company Zerodium paid $1 million to hackers who uncovered another zero day flaw in Apple software.

Recommended: 10 brands you'll have to give up if you're boycotting Israel

James Comey, the director of the Federal Bureau of Investigation, revealed that the FBI paid hackers to get into the iPhone of one of the shooters in the San Bernardino, Calif. mass killing after Apple refused to design a back door entrance to aid in the investigation.

Similarly, Apple offers a "bug bounty" to hackers who report vulnerabilities directly to Apple, to discourage them from selling the information to malicious companies or to government agencies.

NSO Group’s spyware has been used against targets in Yemen, Turkey, Mozambique, Mexico, Kenya, and the UAE, the Times reports. 

This report includes material from the Associated Press.

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK