A botched attempt to break into an activist’s iPhone using hitherto unknown espionage software has triggered a global upgrade of Apple’s mobile operating system, researchers said Thursday.
The spyware took advantage of three previously undisclosed weaknesses in Apple’s mobile operating system to take control of iPhone devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and Internet watchdog group Citizen Lab. Both reports pointed to the NSO Group, an Israeli company with a reputation for flying under the radar, as the author of the spyware.
“The threat actor has never been caught before,” said Mike Murray, a researcher with Lookout, describing the program as “the most sophisticated spyware package we have seen in the market.”
The reports issued by Lookout and Citizen Lab — based at the University of Toronto’s Munk School of Global Affairs — outlined how an iPhone could be compromised with the tap of a finger, a trick so coveted in the world of cyberespionage that in November a spyware broker said it had paid a $1-million bounty to programmers who had found a way to do it.
Such a compromise would give hackers full control over the phone, enabling them to eavesdrop on calls, harvest messages, activate cameras and microphones and drain the device of its personal data.
Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said both reports were credible and disturbing. Forensics expert Jonathan Zdziarski described the malicious program as a “serious piece of spyware.”
Apple said it fixed the vulnerability immediately after learning about it, but the security hole may have gone unpatched had it not been for the wariness of a human rights activist in the United Arab Emirates.
Ahmed Mansoor, a well-known human rights defender, first alerted Citizen Lab to the spyware after receiving an unusual text message Aug. 10. Promising to reveal details about torture in the United Arab Emirates’ prisons, the unknown sender included a suspicious-looking link at the bottom of the message.
Mansoor wasn’t convinced. Not only had he been imprisoned, beaten, robbed and had his passport confiscated by the authorities over the years, he also had repeatedly found himself in the crosshairs of electronic eavesdropping operations.
When Mansoor shared the suspicious text message with Citizen Lab researcher Bill Marczak, they realized he’d been targeted again.
Marczak, who had already been looking into the NSO Group, said he and fellow researcher John Scott-Railton turned to Lookout for help picking apart the malicious program, a process which Murray compared to “defusing a bomb.”
“It is amazing the level they’ve gone through to avoid detection,” he said of the software’s makers. “They have a hair-trigger self-destruct.”
Working over a two-week period, the researchers found that Mansoor had been targeted by an unusually sophisticated piece of software that probably cost a small fortune.
In a statement that stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide “authorized governments with technology that helps them combat terror and crime.”
The company said it had no knowledge of any particular incidents. It said it would not make any further comment.
The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries.
The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country’s self-description as a bastion of democracy in the Middle East.
Authorities in both countries did not return calls seeking comment.
2:40 p.m.: This article was updated with additional details.
This article was originally published at 10:55 a.m.