Who are the Hackers Behind the Apple Spyware Problem?
On Thursday, Apple released a new security update for iPhone users worldwide after the discovery of an attempted hack that was trying to take advantage of three huge vulnerabilities in the iOS operating system. Using these three factors, now called the “Trident” flaw, hackers could take complete control over someone’s phone remotely, without the owner knowing about it.
The group that is believed to be behind the hack is an American-owned, Israeli-based company called NSO. It was founded in late 2009 by two Israeli mass-entrepreneurs with ties to the Israeli government and defense forces. In 2014 a San Francisco-based equity firm bought a majority stake in the company for $120 million.
NSO says it specializes in tools fighting against crime and terrorism. Its LinkedIn page describes the company as in “the field of Internet security software solutions and security research.” But many security firms call the group a “cyber arms dealer.” An online document from NSO says it is “a leader in the field of cyber warfare” that utilizes its proprietary monitoring tool it calls “Pegasus,” which can monitor and extract all data from a target “via untraceable commands” which allow “remote and stealth.”
Human rights activist Ahmed Mansoor from the United Arab Emirates was the first one to report the suspected hack, after receiving a text message to his iPhone with a link promising to reveal details about torture in his country’s prisons. Instead of clicking the link he contacted the Toronto-based internet watchdog Citizen Lab.
— Azza Youssri (@AzzaYoussri) August 26, 2016
Reports issued on Thursday by Citizen Lab and San Francisco mobile security company Lookout revealed how they discovered an advanced spyware that could take over the whole phone at the tap of a finger. If you click the link in a fake message like the one Mansoor received, it would activate spying software called “Pegasus” and hackers could listen in on your calls, collect text messages and personal information, and control your camera.
This advanced technique is so highly desirable in the cyber world that one spyware broker said in November that it had paid $1 million to programmers who said they had found a way to do it, according to the Telegraph.
On Thursday an Apple spokesperson said:
We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.