NSO Group, a company that sells hacking services to governments so they can spy on journalists and dissidents, exploited gaping security holes in iPhone software, according to a report byLookout Security and Citizen Lab. But don’t worry: Apple just pushed a fix.
The New York Times reports:
The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.
This is about as bad as it gets. Apple released a patch yesterday to fix these massive security problems, and you should download it immediately.
Other orgs spoofed by NSO via lookalike domains include YouTube, Facebook, Google, Univision, BBC, CNN and AlJazeera pic.twitter.com/nIwKNVDnNC
— Christopher Soghoian (@csoghoian) August 25, 2016
Lookout security researcher Mike Murray explained the scary exploit in an interview with Motherboard. “We realised that we were looking at something that no one had ever seen in the wild before,” Murray said. “Literally a click on a link to jailbreak an iPhone in one step. One of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
Screenshot from a leaked NSO manual via Citizen Lab.
This level of sophistication in malware has never been seen before, and it was used to target human rights activist Ahmed Mansoor, according to Citizen Lab. Mansoor, who has been the target of surveillance since 2011, discovered the malware when he was sent a suspicious link via claiming to have more details on people being tortured in the United Arab Emirates. The link would have actually installed the sophisticated malware on Mansoor’s phone.
Companies that hack tech products to conduct surveillance aren’t new, but a weapon that can completely takeover a supposedly secure device like the iPhone is remarkable. Anything can be hacked, of course, and companies like Apple will always be playing catch up when it comes to locking down their devices from well funded hackers like NSO. But for now, you should definitely update your iPhone. [Citizen Lab]