Threatwatch

Spyware Exploits 3 Zero Days in Apple’s iOS

Cyber espionage

A couple of text messages sent to a human rights activist led to an Apple software update to plug three zero-day vulnerabilities in iOS devices.

Ahmed Mansoor, an activist based in the United Arab Emirates and a previous hacking victim, forwarded suspicious text messages he received Aug. 10 to a Citizen Lab researcher, according to a Motherboard report.

Citizen Lab and mobile security firm Lookout found sophisticated malware that uses three zero-day flaws to remotely jailbreak an iOS device and install spyware. Citizen Lab says the exploits—called Trident—are used in Pegasus spyware sold by NSO Group, an Israel-based company with ties to U.S. venture capital firm Francisco Partners Management.

The Lookout report called the Pegasus spyware “the most sophisticated attack” the company has encountered on any endpoint device and suspects it’s been around since iOS 7.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” the Citizen Lab report states.

Given the rarity and expense of the zero days involved, and the fact that NSO Group sells its mobile surveillance software only to governments, Citizen Lab concluded the United Arab Emirates government was behind the texts.

The spyware has “significant abuse potential,” according to Citizen Lab, and could be used to target political opponents, journalists and human rights activists. Lookout said it could be used for high-level corporate espionage.

Apple released software update 9.3.5 on Aug. 25 to patch the vulnerabilities.

sector: Global Organizations; Media

reported: August 25, 2016

reported by: Motherboard

number affected: 1

location of breach: UAE

perpetrators: Unknown

location of perpetrators: UAE

date breach occurred: August 10, 2016

date breach detected: August 10, 2016