TechSpot

Rare iOS spyware caught in the wild exploiting three zero-day flaws

By Shawn Knight
Aug 25, 2016
Post New Reply
  1. Researchers at Citizen Lab, a team that investigates surveillance technology, and Lookout Inc. claim that a little-known Israeli startup exploited unknown flaws in iOS to help foreign governments spy on their citizens.

    As The Wall Street Journal points out, the surveillance software in question came from NSO Group Technologies Ltd. which is known to sell to governments. Researchers first became aware of the software earlier this month through a link sent to a human-rights activist in the United Arab Emirates.

    The software, dubbed Pegasus, reportedly takes advantage of three flaws in iOS. Once installed, it acts as a surveillance device and can log messages, track movement and siphon personal data.

    Apple on Thursday said it was made aware of the vulnerabilities and fixed them immediately, issuing an emergency patch (version 9.3.5) which you can download here.

    Lookout VP of Security Research Mike Murray told the Journal that this is the most professional piece of spyware he has ever seen, adding that it operates in a way as to not attract suspicion. By that, he means that it doesn’t drain a device’s battery quickly and only transmits larger loads of data when on Wi-Fi.

    A spokesperson for NSO told the Journal that they had no knowledge of the case involving the human-rights activist, adding that its mission is to help make the world a safer place by providing authorized governments with technology that helps them combat terror and crime.

    Permalink to story.

     
    Last edited by a moderator: Aug 26, 2016
  2. psycros

    psycros TS Evangelist Posts: 1,324   +711

    The Israelis are quite possibly the best spyware/hackware authors on the planet. I can even understand them selling this kind of tech to stable Arab countries that traditionally haven't caused the Jews much grief, even if those regimes are pretty repressive themselves. If you have to choose between states that enforce sharia within their borders vs those that actively export it, there's really only one choice no matter how distasteful. Arguably, any blow to Islamic jihad is good for Israel and other open societies. As much as I hate spyware, as long as its being used ONLY by countries that are already dictatorial, I can live with it...as long as its main purpose is to defeat Islamic terrorism rather than just enforcing strict Muslim codes.
     
  3. cartera

    cartera TS Addict Posts: 297   +78

    I agree in general with what you say however there is evidence to show the Saudi Arabia has helped fund Islamic Terrorism in the past. At a state level and many key figures within the country.
     
  4. Uncle Al

    Uncle Al TS Evangelist Posts: 1,676   +780

    They have been around since 2000 and are owned by a California company, selling their wares to all sorts of governments and "private" agencies all over the world. Nothing that remarkable, but extremely successful. Sadly, they have no such mission to only go after Islamic terrorists, in fact one of their early accomplishments was the creation of the bug you will remember being called StuxNet, which was used to attack the Iranian nuclear project by unbalancing their centrifuges. They are just like the girls downtown .... you give them the money and they'll do whatever you want!
     
  5. Opus

    Opus TS Enthusiast Posts: 46

    What does it have to do with "Islamic Terrorism" or any form of "Terrorism"? There was no need to spread hate speech. Terrorism has no religion. Mercenaries belonging to any religion can be hired with money. Please do not judge any person/Government by the mainstream media fed standards of morality.

    Coming back to the core topic, it can be said that companies like these always pop up to take advantage of social, technological and behavioral shortcomings.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...