contador web Saltar al contenido

How the attack on an Arab dissident made Apple rush to launch iOS 9.3.5

Four days ago, we reported an unexpected update here: by surprise, Apple released the iOS 9.3.5 for all users of iPads, iPhones and iPods touch, stating that the update was highly recommended due to an ?important? security update.

What we didn't know until recently, however, was that this "security update" referred to something much more serious than usual and whose story is beyond intriguing.

A few weeks ago, the prominent human rights activist Ahmed Mansoor, a dissident and critic of the UAE government through his blog, received some messages on his iPhone 6. The messages denounced torture and other human rights violations in prisons in his country, and provided a link to more information.

Ahmed Mansoor

Mansoor, however, suspected their goodwill and, instead of opening the links, sent the message to Citizen Lab, the Internet research center at the University of Toronto (Canada), the same institution had already collaborated with the activist in two previous occasions when your devices were hacked.

In the lab, researchers Bill Marczak and John Scott-Railton opened the URL provided by the suspicious messenger on a completely clean iPhone 5, running iOS 9.3.3 (same version of Mansoor's iPhone 6 system). Safari then opened a blank page only to close 10 seconds later.

Then, the surprise: the iPhone was infected with a spyware It is absolutely silent and powerful, capable of monitoring basically everything: from phone calls to typing, messages, emails, calendar, contacts and even access to the camera and microphone. The tool was named Pegasus and it had never been documented before, either by other hackers or by security institutions or Apple itself.

Pegasus initiated its attack by exploiting a vulnerability in WebKit, Safari's rendering engine; then, the second step was to take advantage of a bug in the core protections (kernel) of iOS to access the bowels of the system and make a jailbreak totally silent, which, in turn, allowed complete monitoring of the device.

One thing led to another and it was soon discovered that Pegasus along with two other spyware super-secret malicious ones were the work of the NSO Group, a huge and almost invisible group of cyber-gun dealers based in Israel. Malicious tools are sold at extremely high prices to clients of the highest crime scale, in shady and practically undetectable transactions.

When the problem was brought to Apple by Citizen Lab, the company fixed the loopholes and released iOS 9.3.5 in 10 days; now, Pegasus can no longer be used on upgraded devices. Nothing prevents, however, the NSO from creating other tools to exploit both iOS and other research systems claim that Android, in particular, is a target that may be being targeted a lot by criminals.

If you have one iGadgetHowever, even if it is not a primary target of tyrannical governments, it is good to update it immediately, if you have not already done so.

(via Wired)