News: iOS spyware revealed in attempted cyber attack on human rights lawye.
Apple has patched a vulnerability in the iOS operating system that hackers tried to exploit to spy on the smartphone of a human rights lawyer.
Citizen Lab and Lookout Security were alerted by Ahmed Mansoor, a member of Human Rights Watch’s advisory committee, who was sent two text messages containing hyperlinks and promising information about detainees in United Arab Emirates prisons. Mansoor forwarded the message to Citizen Lab’s Bill Marczak.
The firms found that the attack was using three critical iOS zero-day vulnerabilities, collectively termed Trident, that together form an attack chain that subverts Apple’s security environment.
This attack is a particularly menacing one because it was found ‘in the wild’ or in active use by cyber attackers, rather than discovered by security researchers in a lab.
According to Citizen Lab, Trident is used in a spyware product called Pegasus, which is developed by an organization called NSO Group.
If successful, the malware would have been able to completely take over the iPhone, including getting access to all information on it and being able to remotely monitor the communications going through it.
This could have included using the iPhone’s camera and microphone to record activity in the device’s physical vicinity, as well as physically tracking its location.
Apple, which had been alerted of the vulnerability prior to Citizen Lab and Lookout going public with it, issued three security updates to patch the vulnerabilities.
Lookout said in a blog post that it believed that the spyware had been in the wild for a “significant amount of time”.
It said that it was being used to attack high-value targets.
Security companies urged all iPhone users to update their iPhones immediately.
“The fact that this particular exploit took advantage of three vulnerabilities to accomplish complete control shows how advanced and committed the authors are,” said Travis Smith, Senior Security Research Engineer at Tripwire.
He said that while the exploit was currently targeting high profile targets such as Mansoor, the exploit could eventually be used to target wider audiences.