SAN FRANCISCO (AFP) - Owners of Apple mobile gadgets on Friday (Aug 26) were being urged to install a quickly released security update to fix flaws exposed by a sophisticated attack on an Emirati dissident.
The California-based iPhone maker released a new version of its mobile operating system, iOS 9.3.5, on Thursday, saying in a post that it doesn’t confirm security issues until they are investigated and patched.
Researchers at mobile security firm Lookout and at Citizen Lab at the University of Toronto said they uncovered a fierce, three-pronged cyber attack targeting a dissident’s iPhone “that subverts even Apple’s strong security environment.”
Lookout and Citizen Lab worked with Apple on an iOS patch to defend against what was called “Trident” due to its triad of attack methods, the researchers said in a joint blog post.
Trident is used in spyware referred to as Pegasus, which a Citizen Lab investigation showed was made by an Israel-based organisation called NSO Group.
NSO Group was acquired by US firm Francisco Partners Management six years ago, according to Lookout and Citizen Lab.
Lookout referred to Pegasus as the most sophisticated attack it has seen, sneakily accessing calls, cameras, e-mail, passwords, apps and more on iPhones.
The spyware was detected when used against Ahmed Mansoor, a human rights activist in the United Arab Emirates, who has been repeatedly targeted using spyware.
After receiving a suspicious text with a link, he reported the matter to the University of Toronto’s Citizen Lab which worked in conjunction with San Francisco-based Lookout to research the affair.
“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” the joint blog post said.
“This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”
Mansoor received text messages on Aug 10 and 11 promising that secrets about detainees being tortured in UAE jails could be accessed by clicking on an enclosed link, researchers said.
Had he fallen for the ruse, the Trident chain of “zero-day exploits” would have broken into his iPhone and installed sophisticated spy software.
Mansoor was targeted five years ago with FinFisher spyware and again the following year with Hacking Team spyware, according to Citizen Lab research.
“The use of such expensive tools against Mansoor shows the lengths that governments are willing to go to target activists,” researchers said.
The cyber attack on Mansoor was not linked to a specific government. UAE authorities did not comment on the matter.
Lookout and Citizen Lab believe that the spyware has been “in the wild for a significant amount of time.”
“It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android, and Blackberry.”
Citizen Lab has also found evidence that “state-sponsored actors” used NSO cyber weapons against a Mexican journalist who reported on high-level corruption in that country and on an unknown target in Kenya.
The NSO Group tactics included impersonating sites such as the International Committee for the Red Cross, the British government’s visa application processing website, and a wide range of news organizations and major technology companies, according to researchers.