Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Apple Inc

Apple issues security update to prevent iPhone spyware

Jon Swartz, and Elizabeth Weise
USA TODAY
Human rights activist Ahmed Mansoor shows Associated Press journalists a screenshot of a spoof text message he received in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016.

SAN FRANCISCO — Apple issued a security update to prevent attacks by rare, highly expensive spyware that exploits flaws in the mobile operating system for iPhones and iPads, after security researchers said it was used to target a Middle Eastern dissident's phone.

In a statement to USA TODAY Thursday, Apple said it immediately fixed the vulnerability upon learning of it. It advises customers to download the latest version of its iOS, version 9.3.5, for security protection.

The Associated Press first reported on the patch.

The espionage software was discovered because it had been targeted at Ahmed Mansoor, a prominent United Arab Emirates dissident. Mansoor received a text message on his iPhone 6 that invited him to click on a web link. He had been the victim of spyware in the past and so forwarded the message to researchers at the University of Toronto's Citizen Lab.

Researchers there worked with San Francisco-based mobile security firm Lookout. In a blog post Thursday on its website, Lookout researchers said they found a “sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call ‘Trident.’”

The flaw lets the hacker break into an iOS device and spy on information gleaned from the victims' apps such as Facebook, WhatsApp, FaceTime, Gmail and Calendar, the post said.

"As security breaches go, this is fairly serious, considering how fast Apple addressed it," says Andrew Blaich, a staff researcher at Lookout.

Citizen Lab traced the link to NSO Group, which it calls a “cyberwar” company in Israel that sells a spyware product called Pegasus, said John Scott-Railton, one of the Citizen Lab report's authors.

NSO would not comment on whether it had sold the software. “NSO’s mission is to help make the world a safer place, by providing authorized governments with technology that helps them combat terror and crime,” said Zamir Dahbash, NSO spokesman, in a statement to USA TODAY.

The company only sells its software to authorized governmental agencies and requires customers to sign an agreement that its products will only be used in a lawful manner, specifically “the prevention and investigation of crimes,” he said.

NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management, according to Citizen Lab. A call to FPM was not immediately returned.

COSTLY GEAR

The cost of such sophisticated spyware is very high. A set of similar digital tools recently sold for $1 million, Citizen Lab's Scott-Railton and his co-author, Bill Marczak, wrote in an online report posted Thursday.

The Internet watchdog group discovered the security hole a few weeks ago and immediately notified Apple, Lookout's Blaich said.

Human rights activist Ahmed Mansoor shows Associated Press journalists a screenshot of a spoof text message he received in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016. Mansoor was recently targeted by spyware that can hack into Apple's iPhone handset. The company said Thursday it was updated its security. The text message reads: "New secrets on the torture of Emirati citizens in jail."

The researchers don't know what organization or government was behind the attempted hack of Mansoor’s iPhone, but Scott-Railton noted a likely suspect would be the United Arab Emirates, where Mansoor is seen as a dissident. He has been unable to leave the country since 2011 after his passport was taken.

A representative for the UAE's embassy in Washington, D.C. did not respond to a request for comment.

Once installed on an iPhone, the malware in question could rifle through contacts, photos, notes and other items stored on the phone or download the user's calendar. It could even surreptitiously turn on the phone’s microphone, recording conversations and then sending them to the owners of the malware, Scott-Railton said.

The disclosure offers fresh evidence that mobile platforms are “fertile ground for gathering sensitive information,” the post said.

How widespread use of the malware is, is not clear, said Scott-Railton. The Citizen Lab believes that similar software from the NSO Group was used to target a Mexican journalism, Rafael Cabrera, who was reporting on a scandal involving Mexico’s president.

Apple strengthens security

The breach is potentially very bad because the security flaws appear to have been available for at least three years, said Joseph Lorenzo Hall, chief technologist with the Center for Democracy & Technology in Washington D.C.

“In which case, any iOS device could have been remotely hacked with this trio of flaws,” he said.

Discovery of such sophisticated software being used to spy on individuals should not be surprising, said Herb Lin, a senior research scholar for cyber policy and security at Stanford University.

“There are many groups out there that operate in the shadows,” he said.

Apple is clearly aware of the threat. Earlier this month, it beefed up security efforts with its first bug bounty program, with awards up to $200,000 for security researchers for each software bug they find that compromises Apple products. It debuted the program at Black Hat, an influential computer security conference in Las Vegas. Many companies already offer such programs.

The announcement came on the heels of a showdown between Apple and the FBI over the feds’ demand that Apple help in its attempts to crack an iPhone 5C used by San Bernardino, Calif., shooter Syed Rizwan Farook. The FBI ditched its legal fight against Apple after it hired an unnamed firm to break into the iPhone without Apple's help.

Does the FBI's move mean iPhones are hackable?

Follow USA TODAY San Francisco Bureau Chief Jon Swartz @jswartz on Twitter.

Featured Weekly Ad