Major iPhone Security Weaknesses Exposed
Yesterday, Apple issued a patch to fix a serious security flaw in iPhones and iPads following the discovery of a previously unknown method of hacking. A few weeks ago, human rights activist, Ahmed Mansoor checked his phone to find a text from an unknown number with a link to what claimed to be insider information regarding torture within the prisons of the United Arab Emirates. Suspicious, Manssor didn’t click the link and instead forwarded the message to Toronto based Citizen Lab. Good thing too; If Mansoor had clicked the link, he could have possibly exposed hundreds of people to being the next targets.
Behind the link was a highly targeted form of spyware designed to take advantage of three previously undisclosed weaknesses in the Apple operating system. Yesterday, two reports surfaced from Lookout, a San Francisco based security company, and Citizen Lab outlined how the program could completely compromise a device with the swipe of a finger. If Mansoor had decided to click on the link, he would have exposed himself to an eavesdropping plot, that could listen to his calls, activate his camera, and drain the phone of all personal data.
Mansoor, a quiet man, has frequently found himself in the crosshairs of the authorities in the United Arab Emirates by calling fro free press and other democratic freedoms. Being one of the few human rights leaders in the UAE with an international profile, the recent hack attempt on his phone should come as no surprise considering that in the past, his support for such measures have cost him his job, passport, and basic liberties.
“Once infected, Mansoors phone would have become a digital spy in his pocket, capable of employing his iPhones camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report released on Thursday.
Lookout and Citizen Lab have both pointed to the secretive Israeli firm, NSO Group, as the architect behind the software. Citizen Lab has said that the past targeting of Ahmed Mansoor by the UAE government suggests that it’s highly likely that it was behind the latest attack as well. Officials at NSO declined to comment on the issue. In a statement released on Thursday, NSO wrote that the mission of the organization was to provide authorized governments with technology that helps them to combat terror and crime. NSO Chief Executive Shalev Hulio referred questions to spokesman Zamir Dahbash, who said the company “cannot confirm the specific cases” covered in the Citizen Lab and Lookout reports.