Wednesday, June 20, 2018
Business

Apple boosts iPhone security after Middle East spyware discovery

PARIS — A botched attempt to break into the iPhone of an Arab activist using hitherto unknown espionage software has trigged a global upgrade of Apple's mobile operating system, researchers said Thursday.

The spyware took advantage of three previously undisclosed weaknesses in Apple's mobile operating system to take complete control of iPhone devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and internet watchdog group Citizen Lab. Both reports fingered the NSO Group, an Israeli company with a reputation for flying under the radar, as the author of the spyware.

"The threat actor has never been caught before," said Mike Murray, a researcher with Lookout, describing the program as "the most sophisticated spyware package we have seen in the market."

The reports issued by Lookout and Citizen Lab — based at the University of Toronto's Munk School of Global Affairs — outlined how an iPhone could be completely compromised with the tap of a finger, a trick so coveted in the world of cyberespionage that in November a spyware broker said it had paid a $1 million dollar bounty to programmers who'd found a way to do it. Such a compromise would give hackers full control over the phone, allowing them to eavesdrop on calls, harvest messages, activate cameras and microphones and drain the device of its personal data.

Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said both reports were credible and disturbing. Forensics expert Jonathan Zdziarski described the malicious program as a "serious piece of spyware."

Apple said in a statement that it fixed the vulnerability immediately after learning about it, but the security hole may have gone unpatched had it not been for the wariness of an embattled human rights activist in the United Arab Emirates.

Ahmed Mansoor, a well-known human rights defender, first alerted Citizen Lab to the spyware after receiving an unusual text message on Aug. 10. Promising to reveal details about torture in the United Arab Emirates' prisons, the unknown sender included a suspicious-looking link at the bottom of the message.

Mansoor wasn't convinced. Not only had he been imprisoned, beaten, robbed and had his passport confiscated by the authorities over the years, Mansoor had also repeatedly found himself in the crosshairs of electronic eavesdropping operations. In fact Mansoor already had the dubious distinction of having weathered attacks from two separate brands of commercial spyware. And when he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he'd been targeted by a third.

Marczak, who'd already been looking into the NSO Group, said he and fellow-researcher John Scott-Railton turned to Lookout for help picking apart the malicious program, a process which Murray compared to "defusing a bomb."

"It is amazing the level they've gone through to avoid detection," he said of the software's makers. "They have a hair-trigger self-destruct."

Working feverishly over a two-week period, the researchers found that Mansoor had been targeted by an unusually sophisticated piece of software which likely cost a small fortune to arm.

"Ahmed Mansoor is a million-dollar human rights defender," Scott-Railton said.

In a statement which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide "authorized governments with technology that helps them combat terror and crime."

The company said it had no knowledge of any particular incidents. It said it would not make any further comment.

The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries. The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country's self-description as a bastion of democracy in the Middle East.

Authorities in both countries did not return calls seeking comment.

Attorney Eitay Mack, who advocates for more transparency in Israeli arms exports, said his country's exports of surveillance software were not closely policed.

"Surveillance is not considered a lethal weapon," Mack said. And Israeli regulations "don't take into consideration human rights or that it would be used by a government to oppress dissidents."

He noted that Israeli Prime minister Benjamin Netanyahu has cultivated ties with Arab Gulf states. Netanyahu in 2014 urged Saudi Arabia and the United Arab Emirates to join him in the war on terrorism.

"Israel is looking for allies," Mack said. "And when Israel finds allies, it does not ask too many questions."

Comments
What historically high lumber prices mean for Florida home buyers

What historically high lumber prices mean for Florida home buyers

Blame a lack of rail cars in Canada or not enough semi trucks in the United States. Forest fires didn’t help. Tariffs played a big role, too. Even the buoyant economy takes part of the rap for frothy lumber prices, which hit all-time highs las...
Updated: 2 hours ago
Citizens considers hiking homeowners insurance rates about 8 percent

Citizens considers hiking homeowners insurance rates about 8 percent

For the second year in a row, Citizens Property Insurance Corp. is asking state regulators to approve hefty rate hikes because of an abundance of non-weather claims that end up in court. If approved, the average rates for homeowners covered by Citize...
Updated: 2 hours ago
What historically high lumber prices mean for Florida home buyers

What historically high lumber prices mean for Florida home buyers

Blame a lack of rail cars in Canada or not enough semi trucks in the United States. Forest fires didn’t help. Tariffs played a big role, too. Even the buoyant economy takes part of the rap for frothy lumber prices, which hit all-time highs las...
Updated: 2 hours ago
A valet at this South Tampa Publix will park your car as you shop

A valet at this South Tampa Publix will park your car as you shop

TAMPA — Publix shoppers in South Tampa who hate circling the lot for parking can now toss their keys to a valet.The Publix at Dale Mabry and Neptune started testing a free valet service last week that could expand to more stores. Spokesman Brian West...
Updated: 2 hours ago
As Tesla races to meet Model 3 deadline, factory pressures and suspicions grow

As Tesla races to meet Model 3 deadline, factory pressures and suspicions grow

Tesla chief Elon Musk said last week that the company’s layoffs of 9 percent of its workforce wouldn’t affect production as the all-electric automaker races to build thousands of new Model 3 sedans a week.But documents the company filed days later wi...
Updated: 10 hours ago
Tech Data sending a record 700 employees to march in Pride Parade

Tech Data sending a record 700 employees to march in Pride Parade

Among the marching bands and twirlers at Saturday’s St. Pete Pride Parade, one major sponsor, Tech Data, is sending by far a record number of employees — more than 700 at last count — to march in Florida’s largest gay pride parade.The parade, which d...
Published: 06/19/18
Sign to report employees not speaking English at doughnut shop creates a stir

Sign to report employees not speaking English at doughnut shop creates a stir

A sign asking customers at a Dunkin’ Donuts store in Baltimore to report employees who were heard not speaking English has set off a controversy.The sign, according tothe Baltimore Sun, would offer coupons to customers who reported workers at a dough...
Published: 06/19/18
Florida Bankers Association recognizes Bill Klich with award

Florida Bankers Association recognizes Bill Klich with award

Former Tampa Bay banking executive Bill Klich was presented the Lifetime Achievement Award from the Florida Bankers Association last week at an annual meeting in Palm Coast.Klich, 73, has a strong reputation with more than four decades of commercial ...
Published: 06/19/18
Jeff Vinik-backed construction material firm headed to Port Tampa Bay

Jeff Vinik-backed construction material firm headed to Port Tampa Bay

TAMPA — With $3 billion in construction on the boards, Water Street Tampa will need a lot of concrete, so a company whose largest investor is Jeff Vinik is moving to Port Tampa Bay to begin importing fly ash, a component of concrete.Spartan Materials...
Published: 06/19/18
Drugs at your doorstep: CVS will deliver prescriptions to your home

Drugs at your doorstep: CVS will deliver prescriptions to your home

CVS Health will make prescription deliveries nationwide to accommodate the heightened expectations of convenience from consumers. The nation’s second-largest drugstore chain says it also will make home deliveries of other items, like allergy medicine...
Published: 06/19/18