In this day and age anywhere can become a battlefield, whether it is on the real world or the online world of the internet. And an electronic attack can be just as devastating as a physical one, especially when the possibility of having sensitive, personal and classified information is high.
Which is why Apple has taken a lightning-fast step in order to address a weakness of the iOS mobile operating system for iPhones and iPads against a very particular sort of spyware, one used to hack into a prominent Middle Eastern malcontent. To that end they have released an update patch for the latest iOS version, 9.3.5, as reported first by the Associated Press, and enjoined their product users to download it for their devices as soon as possible.
Ahmed Mansoor, an activist and part of the so-called UAE Five, drew attention to this iOS hacking spyware when he received a message on his iPhone 6, containing a web link he was invited to click. Instead, Mansoor forwarded the suspect message to the University of Toronto’s Citizen Lab for investigation, done in conjunction with the Lookout mobile security firm from San Francisco.
What they discovered was a persistent mobile attack spyware on the message that could exploit a flaw of regular 3-day periods in iOS that would leave it vulnerable to illegal access. Once inside according to Lookout’s Thursday blog post on the matter, hackers who have sent the spyware will have constant monitoring of information on the device’s various apps, reading the victim’s email, Facebook posts, WhatsApp conversations and calendar event listings. Lookout researcher Andrew Blaich noted how quickly Apple moved to address the discovered flaw with the iOS patch, proving that the spyware involved was a serious security threat.
Meanwhile, Citizen Lab managed to trace back the bugged message to a “cyber war” firm in Israel that is also owned by an American venture capital company. In a report by Citizen Lab researcher John Scott-Railton, the company called NSO Group has created Pegasus, a powerful spyware product.
NSO spokesman Zamir Dahbash was interviewed by USA Today on the suspected use of their spyware against Mansoor. While he would not disclose the identity of those the firm had sold copies of Pegasus to, he insisted that their product has only ever been available to authorized and verified agencies of world governments, expressly to be used only for “investigating and preventing crimes”.
The flaw 3-day interval vulnerability period exploited by Pegasus was discovered to have been in iOS versions for the past three years, according to Joseph Lorenzo Hall of Washington DC’s Center for
Democracy and Technology. He points out that any iOS using device from that time would be extremely vulnerable to that specific spyware.
The UAE would have had cause to try hacking Mansoor, a known critic of their government; but their embassy in DC has decline to comment.
Photo Credit to awdnews.com