The Apple iPhone is considered the most secure of the major cell phone platforms, but in the emerging digital world nothing in cyberspace is guaranteed safe. A new cell phone malware scheme, developed by a shadowy Israeli firm said to be valued at $1 billion and renowned worldwide for its cyber spying capabilities, was uncovered Thursday. The hack was discovered when it targeted a political activist in the United Arab Emirates but it has also been used by governments to spy on journalists.
Hackers can gain control of a cell phone and spy on its user when the user just clicks on a link
The new software technology from an Israeli company named NSO was categorized by cyber-protection analysts as “One of the most sophisticated pieces of cyber-espionage software we’ve ever seen.”
The malware works by sending a text link to a cell phone user. When they do nothing more than click on the link, malware is placed on the iPhone. The software then obtains complete control of the phone, according to a report released by Citizen Lab and mobile security company Lookout. The malware was first reported by Motherboard.
This was the first instance of computer hackers leveraging three flaws known as “zero-day” bugs, so called because they have not been detected by the software vendor. The technique is known as a “jailbreak,” which circumvents the security of a device to allow covert remote control by a third party.
“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Lookout’s Mike Murray explained to Motherboard. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”
Certain types of cell phone malware software enable spy organizations to eavesdrop on face-to-face conversations taking place when the cell phone is close by. Certain jailbreak applications also allow spies to see through the camera lens as well as track and map the phone’s physical whereabouts.
For journalists and political activists the spy software can result in a death sentence for government sources or political dissidents who are discovered engaging in politically sensitive activities such as revealing government corruption or organizing human rights protests.
NSO is a top cyber spy firm, known as a “cyber weapons dealer,” with a valuation of $1 billion
NSO, known as a “cyber weapons dealer,” is little-known outside the secretive spy and national defense industry. The software development company does not have a web site and its executives have only rarely given public interviews, other than claiming its products are so stealthy they operate like a “ghost.”
The company was founded in 2010 and received $120 million seed capital from a US venture capital firm in 2014, Motherboard reported, pointing to a $1 billion valuation for the company. The firm competes with other hacking software companies such as Hacking Team and FinFisher in providing governments, cartels and corporate entities the ability to spy on various individuals.
“The people that we see being targeted by these texts today—dissidents, activists—these are kind of the people on the frontlines of what is to come for all of us tomorrow, these guys are sort of the canaries in the coal mine,” Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs, told Motherboard. “The threats that they are facing today are threats that perhaps ordinary users will face tomorrow.”
After discovering the hack through a political activist in the United Arab Emirates, Citizen Lab contacted Apple, which issued a patch Thursday to repair the vulnerability in Apple’s iOS operating system.
Apple Computer, for its part, still makes the most secure cell phone in the industry despite the recent breach.
“Apple has raised the cost of exploiting their devices higher than any other vendor out there. But this highlights the need for better compromise detection for iOS,” Dan Guido, the CEO of cybersecurity firm Trail of Bits, was quoted as saying. “iOS is still the single most secure consumer device available.”