New malware means you need to update your iPhone

Posted at 12:00 PM, Aug 26, 2016
and last updated 2016-08-26 11:56:13-04

SAN FRANCISCO — One of the most significant iPhone hacks to date was outed with a simple text message.

Security researchers on Thursday announced they had discovered a new piece of iPhone malware that allowed attackers to see virtually everything on your iPhone. They traced the previously unknown spyware back to an Israel-based company called the NSO Group. NSO openly sells software that it says can track a person’s mobile phone — and many of its clients are governments.

At the same time on Thursday, Apple released a software update, iOS 9.3.5, that patches the vulnerabilities. The company recommends that anyone using an iPhone update their iOS immediately. For users running the beta of iOS 10, the latest seed also patches the exploits.

Researchers said it appeared governments had used NSO’s software to target journalists and human rights workers. The attackers used fake domains to try to disguise themselves as legitimate groups like the Red Cross, news organizations, and large tech companies.

Human rights activist Ahmed Mansoor first received a suspicious text message on August 10. The next day he got another, this time with a link promising information on detainees in UAE jails. No stranger to hacking attempts, the well-known dissident forwarded the messages to a researcher at Citizen Lab in the University of Toronto’s Munk School of Global Affairs.

Citizen Lab teamed up with mobile security company Lookout to investigate. Together they confirmed the discovery of an advanced piece of spyware that took advantage of three previously unknown iOS security holes. By clicking on the text link, Mansoor would have unwittingly installed the malware and allowed the sender full access to his communications.

The combination of the vulnerabilities, together known as “Trident,” gives the attacker access to an iPhone’s camera, microphone and location. It can intercept text messages and emails, download calendar and contact data, and see passwords stored in the iPhone’s keychain. It can record phone calls and messages from WhatsApp and Viber, and access communication apps including iMessage, Gmail, Facebook, Skype, and Line.

“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” said Apple spokesman Fred Sainz in a statement.

NSO Group denied any knowledge of this specific hack.

“The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations,” NSO spokesman Zamir Dahbash said in a statement. “The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner. Specifically, the products may only be used for the prevention and investigation of crimes.”