
Emirati Activist targeted by 0-day iPhone malware designed to spy. Apple patches.


chadskin

Member
Fix is part of the just released iOS 9.3.5.

On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone.

“New secrets about torture of Emiratis in state prisons,” read the tantalizing message, which came accompanied by a link.

Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team, was suspicious and didn’t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto's Munk School of Global Affairs.

As it turned out, the message wasn’t what it purported to be. The link didn’t lead to any secrets, but to a sophisticated piece of malware that exploited three different unknown vulnerabilities in Apple’s iOS operating system that would have allowed the attackers to get full control of Mansoor’s iPhone, according to new joint reports released on Thursday by Citizen Lab and mobile security company Lookout.

This is the first time that anyone has uncovered such an attack in the wild. Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars. After the researchers alerted Apple, the company worked quickly to fix them in an update released on Thursday.

The question is, who was behind the attack and what did they use to pull it off?

It appears that the company that provided the spyware and the zero-day exploits to the hackers targeting Mansoor is a little-known Israeli surveillance vendor called NSO, which Lookout’s vice president of research Mike Murray labeled as “basically a cyber arms dealer.”

The researchers at Citizen Lab and Lookout were impressed by this new, never-seen-before, type of malware.

“We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
More: https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group
 
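The post above names iOS 9.3.5 as the release carrying the fix. The one check a practitioner responsible for a fleet wants at this point is "which of my devices are still below that version?", and the classic mistake is comparing version strings lexicographically (where "9.3.10" sorts before "9.3.9"). The helper below is an added example, not code from the thread or from the Citizen Lab/Lookout reports; the inventory records are constructed, and the version field is assumed to be whatever an MDM export or libimobiledevice's `ideviceinfo` reports as ProductVersion. It also assumes, as is normal for Apple releases, that every version numerically above 9.3.5 carries the fix.

```python
"""Fleet triage helper: which iOS devices still lack the 9.3.5 fix?

Added example, not from the original thread. Inventory records are constructed.
"""
from typing import Iterable, Tuple

# Version the thread names as the one shipping the fix.
PATCHED_VERSION = "9.3.5"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '9.3.5' into (9, 3, 5).

    Missing trailing components count as 0, so '9.3' becomes (9, 3, 0).
    Comparing integer tuples is correct where string comparison is not:
    '9.3.10' < '9.3.9' as strings, but (9, 3, 10) > (9, 3, 9).
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_vulnerable(version: str, fixed: str = PATCHED_VERSION) -> bool:
    """True if `version` predates the release that carries the fix.

    Assumption: every later release (9.3.5 and up) keeps the fix.
    """
    return parse_version(version) < parse_version(fixed)


def triage(inventory: Iterable[dict]) -> dict:
    """Bucket inventory records by update status.

    Returns {'update_required': [...], 'ok': [...], 'unknown': [...]} where
    each bucket holds device identifiers. Records whose version cannot be
    parsed land in 'unknown' rather than silently passing as patched.
    """
    result = {"update_required": [], "ok": [], "unknown": []}
    for rec in inventory:
        dev = rec.get("device", "?")
        try:
            vulnerable = is_vulnerable(rec["version"])
        except (KeyError, ValueError):
            result["unknown"].append(dev)
            continue
        result["update_required" if vulnerable else "ok"].append(dev)
    return result


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"device": "ipad-01", "version": "9.3.4"},
    {"device": "iphone-02", "version": "9.3.5"},
    {"device": "iphone-03", "version": "9.3"},      # shorthand for 9.3.0
    {"device": "iphone-04", "version": "10.0"},     # later release, assumed fixed
    {"device": "iphone-05", "version": "unknown"},  # bad inventory data
]

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Run it against a real export by replacing `SAMPLE_INVENTORY` with the parsed MDM data; devices in `unknown` deserve a manual look rather than being assumed safe.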

Alexlf

Member
Holy cow, just throwing away 3 zero days like that must have been crazy expensive. I wonder what they were thinking? Either he was a VERY high value target or they REALLY screwed up.
 
“We realized that we were looking at something that no one had ever seen in the wild before. Literally a click on a link to jailbreak an iPhone in one step,” Murray told Motherboard. “One of the most sophisticated pieces of cyberespionage software we’ve ever seen.”

Eh? I'm pretty sure that one jailbreak some years ago was exactly like this. It worked by exploiting some vulnerabilities that Safari had with PDF files or something.
 

Alo0oy

Banned
Bill Marczak is great; the work he's done for Bahrain Watch was phenomenal. He's exposed so much government corruption and cyber terrorism from governments in collaboration with so many tech companies in Europe and America.
 

Oppo

Member
This is an interesting point they make:

“Apple has raised the cost of exploiting their devices higher than any other vendor out there. But this highlights the need for better compromise detection for iOS,” Guido said, adding that in any case, “iOS is still the single most secure consumer device available.”

“The problem is that it takes a paranoid mentality and friends at Citizen Lab to identify whether you have malware,” he added.

and yeah, I couldn't hit that Update button fast enough after reading this. terrifying.
 

tebunker

Banned
Well, I've been kicking the latest updates down the road for a few days, but I guess I have no choice.

Also, anyone else notice that if you tell it to update later, it now prompts you to enter your password and then schedule a time? I hate that shit.
 

Futureman

Member
Unless you have international cyber terrorists on your tail, you can probably make a cup of coffee and walk the dog before updating.

I'm just joking but "couldn't update fast enough" sounded funny to me. It's not like they are sending an automatically installed virus to phones. You have to click a link from a random text.
 

Oppo

Member
Unless you have international cyber terrorists on your tail, you can probably make a cup of coffee and walk the dog before updating.

I'm just joking but "couldn't update fast enough" sounded funny to me. It's not like they are sending an automatically installed virus to phones. You have to click a link from a random text.

if tapping any link can root my phone, that's kind of worrisome.
 

NekoFever

Member
NSO's spokesperson Zamir Dahbash said in a statement that the company's “mission is to help make the world a safer place by providing authorized governments with technology that helps them combat terror and crime.”

Yet their exploits show up being used against a pro-democracy campaigner in an absolute monarchy with an awful human rights record. Scumbags.
 

Jonnax

Member
Unless you have international cyber terrorists on your tail, you can probably make a cup of coffee and walk the dog before updating.

I'm just joking but "couldn't update fast enough" sounded funny to me. It's not like they are sending an automatically installed virus to phones. You have to click a link from a random text.

You know how sometimes GAF ads redirect your page, activate the vibration motor and tell you that you have 10 viruses and to install something? You can safely ignore that.

Now imagine you visit a page, and the ad embeds some script that roots your device.
Then, with its newfound access, it searches your email account for "Social Security, Credit Card Number, sort code, account number, etc."
And then it uploads the results to their computer.

Or maybe making premium rate phone calls whilst you're asleep or premium text messages?

Who is to say that malware authors don't have this vulnerability?
 

platocplx

Member
This is terrifying. I may have to switch back to an iPhone; I could only imagine the vulnerabilities lying in Android.

Read the report. This shit right here was alarming as hell.
After he was released, Mansoor’s passport was confiscated, his car was stolen, and $140,000 disappeared from his bank account. Mansoor is banned from traveling overseas, and his work continues to attract significant harassment and punishment.

State-sanctioned cyber terrorism is crazy. Especially when it could be any one of us just because of a certain kind of dissent we have vs the govt. I honestly see now why spying of this nature is extremely harmful.
 