iPhone bug: How the most dramatic iOS spyware ever found was revealed

It began with a text, and ended in one of the most important iPhone updates ever

Andrew Griffin
Friday 26 August 2016 08:14 EDT
Comments
A security officer stands behind Apple iPhones displayed at an Apple store in Beijing, China, February 17, 2016
A security officer stands behind Apple iPhones displayed at an Apple store in Beijing, China, February 17, 2016 (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

It all began with one text message. It ended with perhaps the most dramatic iPhone spyware ever found.

That text message – promising its recipient that a link included in it would reveal details about torture in prisons in the United Arab Emirates – was suspicious and unusual. But it made sense that it was arriving on the phone of Ahmed Mansoor, a human rights activist.

Still, Mr Mansoor wasn’t convinced. He sent the message to Citizen Lab, an internet watchdog – and began a process that would expose a piece of spying software so powerful that Apple had to update every iPhone in the world to stop it from causing any more damage.

What Mr Mansoor had been sent was a link that would have allowed a piece of powerful eavesdropping software – apparently made by a secretive Israeli spying firm – to make its way onto his phone.

Instead, by alerting security experts, Mr Mansoor helped Apple patch up what might have been one of the most insidious hacks that have ever been found for the iPhone. It allowed people to easily take control of a phone – and opened up the world of those mysterious people that were looking for that control.

Two reports issued Thursday, one by Lookout, a San Francisco mobile security company, and another by Citizen Lab, based at the University of Toronto's Munk School of Global Affairs, outlined how the program could completely compromise a device at the tap of a finger. If Mansoor had touched the link, he would have given his hackers free reign to eavesdrop on calls, harvest messages, activate his camera and drain the phone's trove of personal data.

Apple Inc. issued a fix for the vulnerabilities Thursday, just ahead of the reports' release, working at a blistering pace for which the Cupertino, California-based company was widely praised.

Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said the reports were disturbing. Forensics expert Jonathan Zdziarski described the malicious program targeting Mansoor as a "serious piece of spyware."

A soft-spoken man who dresses in traditional white robes, Mansoor has repeatedly drawn the ire of authorities in the United Arab Emirates, calling for a free press and democratic freedoms. He is one of the country's few human rights defenders with an international profile, close links to foreign media and a network of sources. Mansoor's work has, at various times, cost him his job, his passport and even his liberty.

Online, Mansoor repeatedly found himself in the crosshairs of electronic eavesdropping operations. Even before the first rogue text message pinged across his phone on Aug. 10, Mansoor already had weathered attacks from two separate brands of commercial spyware.

When he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he'd been targeted by a third.

Citizen Lab and Lookout both fingered a secretive Israeli firm, NSO Group, as the author of the spyware. Citizen Lab said that past targeting of Mansoor by the United Arab Emirates' government suggested that it was likely behind the latest hacking attempt as well.

Executives at the company declined to comment, and a visit to NSO's address in Herzliya showed that the firm had recently vacated its old headquarters — a move recent enough that the building still bore its logo.

What is Apple's strategy?

In a statement released Thursday, which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide "authorized governments with technology that helps them combat terror and crime."

The company said it couldn't comment on specific cases.

Marczak said he and fellow-researcher John Scott-Railton turned to Lookout for help to pick apart the malicious program, a process which Murray compared to "defusing a bomb."

"It is amazing the level they've gone through to avoid detection," Murray said of the software's makers. "They have a hair-trigger self-destruct."

Working over a two-week period, the researchers found that Mansoor had been targeted by an unusually sophisticated piece of software which some have valued at $1 million. He told AP he was amused by the idea that so much money was being poured into watching him.

"If you would give me probably 10 percent of that I would write the report about myself for you!"

The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries. The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country's self-description as a bastion of democracy in the Middle East.

There are awkward questions, too, for Francisco Partners, the private equity firm which owns the NSO Group. Francisco is only an hour's drive from the headquarters of Apple, whose products the cybersecurity firm is accused of hacking.

Messages left with Francisco partners' offices in London and San Francisco went unreturned. Israeli and Emirati authorities did not return calls seeking comment.

Attorney Eitay Mack, who advocates for more transparency in Israeli arms exports, said his country's sales of surveillance software are not closely policed.

He also noted that Israeli Prime Minister Benjamin Netanyahu has cultivated warmer ties with Arab Gulf states.

"Israel is looking for allies," Mack said. "And when Israel finds allies, it does not ask too many questions."

Additional reporting by Associated Press

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in