Make us your home page
Instagram

Apple boosts iPhone security after Middle East spyware discovery

PARIS — A botched attempt to break into the iPhone of an Arab activist using hitherto unknown espionage software has trigged a global upgrade of Apple's mobile operating system, researchers said Thursday.

The spyware took advantage of three previously undisclosed weaknesses in Apple's mobile operating system to take complete control of iPhone devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and internet watchdog group Citizen Lab. Both reports fingered the NSO Group, an Israeli company with a reputation for flying under the radar, as the author of the spyware.

"The threat actor has never been caught before," said Mike Murray, a researcher with Lookout, describing the program as "the most sophisticated spyware package we have seen in the market."

The reports issued by Lookout and Citizen Lab — based at the University of Toronto's Munk School of Global Affairs — outlined how an iPhone could be completely compromised with the tap of a finger, a trick so coveted in the world of cyberespionage that in November a spyware broker said it had paid a $1 million dollar bounty to programmers who'd found a way to do it. Such a compromise would give hackers full control over the phone, allowing them to eavesdrop on calls, harvest messages, activate cameras and microphones and drain the device of its personal data.

Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said both reports were credible and disturbing. Forensics expert Jonathan Zdziarski described the malicious program as a "serious piece of spyware."

Apple said in a statement that it fixed the vulnerability immediately after learning about it, but the security hole may have gone unpatched had it not been for the wariness of an embattled human rights activist in the United Arab Emirates.

Ahmed Mansoor, a well-known human rights defender, first alerted Citizen Lab to the spyware after receiving an unusual text message on Aug. 10. Promising to reveal details about torture in the United Arab Emirates' prisons, the unknown sender included a suspicious-looking link at the bottom of the message.

Mansoor wasn't convinced. Not only had he been imprisoned, beaten, robbed and had his passport confiscated by the authorities over the years, Mansoor had also repeatedly found himself in the crosshairs of electronic eavesdropping operations. In fact Mansoor already had the dubious distinction of having weathered attacks from two separate brands of commercial spyware. And when he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he'd been targeted by a third.

Marczak, who'd already been looking into the NSO Group, said he and fellow-researcher John Scott-Railton turned to Lookout for help picking apart the malicious program, a process which Murray compared to "defusing a bomb."

"It is amazing the level they've gone through to avoid detection," he said of the software's makers. "They have a hair-trigger self-destruct."

Working feverishly over a two-week period, the researchers found that Mansoor had been targeted by an unusually sophisticated piece of software which likely cost a small fortune to arm.

"Ahmed Mansoor is a million-dollar human rights defender," Scott-Railton said.

In a statement which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide "authorized governments with technology that helps them combat terror and crime."

The company said it had no knowledge of any particular incidents. It said it would not make any further comment.

The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries. The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country's self-description as a bastion of democracy in the Middle East.

Authorities in both countries did not return calls seeking comment.

Attorney Eitay Mack, who advocates for more transparency in Israeli arms exports, said his country's exports of surveillance software were not closely policed.

"Surveillance is not considered a lethal weapon," Mack said. And Israeli regulations "don't take into consideration human rights or that it would be used by a government to oppress dissidents."

He noted that Israeli Prime minister Benjamin Netanyahu has cultivated ties with Arab Gulf states. Netanyahu in 2014 urged Saudi Arabia and the United Arab Emirates to join him in the war on terrorism.

"Israel is looking for allies," Mack said. "And when Israel finds allies, it does not ask too many questions."

Apple boosts iPhone security after Middle East spyware discovery 08/25/16 [Last modified: Thursday, August 25, 2016 3:14pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times

    

Join the discussion: Click to view comments, add yours

Loading...
  1. Lightning GM Steve Yzerman sells house for $3 million to new player

    Real Estate

    TAMPA — Tampa Bay Lightning General Manager Steve Yzerman's multi-million Davis Islands home is staying in the Lightning family. Yzerman sold his 6,265-square-foot house Monday to new defenseman Dan Girardi for $3 million.

    The Davis Islands home of Tampa Bay Lightning General Manager Steve Yzerman sold for $3 million Monday to Lightning defenseman Dan Girardi. | [Courtesy of Hi Res Media]
  2. Trigaux: As Florida seeks top 10 status as best business state, red flag rises on workforce

    Business

    In the eternal quest to appeal more to business than other states, Florida's managed to haul itself out of some pretty mediocre years. After scoring an impressive 8 among 50 states way back in 2007, Florida suffered horribly during and immediately after the recession. Its rank sank as low as No. 30 only four years ago, …

    Florida's trying to make strides in preparing its high school and college graduates for the rapidly changing skill sets of today's workforce. But the latest CNBC ranking of the best and worst states for business gave Florida poor marks for education, ranking No. 40 (tied with South Carolina for education) among the 50 states. Still, Florida ranked No. 12 overall in the best business states annual ranking. [Alan Berner/Seattle Times]
  3. Florida: White man who killed black person to be executed

    State Roundup

    GAINESVILLE — For the first time in state history, Florida is expecting to execute a white man for killing a black person — and it plans to do so with help of a drug that has never been used previously in any U.S. execution.

    This undated photo provided by the Florida Department of Corrections shows Mark Asay. If his final appeals are denied, Asay is to die by lethal injection after 6 p.m. Thursday. Asay was convicted by a jury of two racially motivated, premeditated murders in Jacksonville in 1987.  [Florida Department of Corrections via AP]
  4. Can the Bad Boys Mowers Gasparilla Bowl thrive in competitive sports market?

    Business

    ST. PETERSBURG — It's a funky name: the Bad Boys Mowers Gasparilla Bowl. But the new sponsors for the former St. Petersburg Bowl might need more than an eye-catching name to create a thriving, profitable contest.

    NC State head coach Dave Doeren clutches the championship trophy after winning the Bitcoin Bowl at Tropicana Field in St. Petersburg in 2014. Bowl organizers are changing the name of the game to the Bad Boy Mowers Gasparilla Bowl.
[

MONICA HERNDON | TIMES]
  5. Apple Scales Back Its Ambitions for a Self-Driving Car

    Autos

    SAN FRANCISCO — As new employees were brought into Apple's secret effort to create a self-driving car a few years ago, managers told them that they were working on the company's next big thing: A product that would take on Detroit and disrupt the automobile industry.

     In this Monday, April 10, 2017 file photo, Luminar CEO Austin Russell monitors a 3D lidar map on a demonstration drive in San Francisco. Russell, now 22, was barely old enough to drive when he set out to create a safer navigation system for robot-controlled cars. His ambitions are about to be tested five years after he co-founded Luminar Technologies, a Silicon Valley startup trying to steer the rapidly expanding self-driving car industry in a new direction. Apple says it will scale back its amitions to build a self-driving car.  [AP Photo/Ben Margot]