Apple Patches iPhone Spyware Vulnerabilities With iOS 9.3.5
I spy with my little iPhone! Apple rushes out iPhone patch after discovery of government spying hack
The ongoing battle between technology firms and government intelligence agencies has taken another twist with the discovery of sophisticated spyware for the Apple iPhone.
The exploit code, dubbed Trident, is alleged to originated from a Middle East government and could have turned the iPhone of a human rights activist into a spyware device with just one click.
Human Rights Target
The human right activist in question is Ahmed Mansoor who is based in the United Arab Emirates (UAE).
According to Citizen Lab researchers in Canada, Mansoor received a SMS message on his iPhone. The message contained a link that promised “new secrets” about detainees tortured in UAE jails, if he clicked on it.
But Mansoor was rightly suspicious and instead sent the messages to Citizen Lab researchers, who “recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.”
Researchers from both Citizen Lab and Lookout Security investigated further and discovered that the link led to a chain of iOS zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.
The exploit chain has been called ‘Trident’, and once it had infected Mansoor’s iPhone, it would have turned the Apple device into a digital spy in his pocket, by utilising his camera and microphone.
The spyware would have also recorded his WhatsApp and Viber calls, logged messages sent in mobile chat apps, and tracked his movements, said the Citizen Lab researchers.
“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find,” the Citizen Lab researchers said.
Once both sets of researchers discovered the iOS zero-days, they immediately notified Apple and sharing their findings.
Apple of course has of course previously refused to allow law enforcement surveillance attempts on its products, and it responded quickly. Apple rushed out the iOS 9.3.5 patch to block the Trident exploit chain.
This patch “closes the vulnerabilities that the NSO Group appears to have exploited and sold to remotely compromise iPhones,” said the Citizen Lab researchers.
Pegasus Spyware
“Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile: always connected (Wi-Fi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists,” blogged the Lookout researchers.
“The going price for Pegasus was roughly $8 million for 300 licenses, so it’s not likely to be used against an average mobile device user, only targets that can be considered of high value,” wrote Lookout.
“The Pegasus attack starts with an SMS phishing attack using spoofed sender numbers and anonymised domains to deliver malware to the target’s iPhone,” said Lookout. “The target’s phone is remotely jailbroken and immediately starts compromising the target’s digital life. Calls, texts, calendar and contacts are all copied and sent to the attacker. The software is capable of activating a phone’s cameras and microphone to snoop on conversations around the device. It can also track a victim’s movements and steal messages from end-to-end encrypted chat clients.”
Apple iPhone users are being urged to apply the patch as soon as possible.
“Apple just released iOS 9.3.5, the latest security update for iDevice users,” wrote Paul Ducklin on Sophos’ Naked Security blog.
“We suggest you apply this update as soon as you can,” he wrote. “Ironically, iOS 9.3.4 came out just three weeks ago, and that update also seems to have been hurried out to close a hole that was ostensibly being used for jailbreaking.