IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Apple Troubleshoots Hack of iOS

Apple Inc. is urging its estimated 1 billion iPhone customers to download an upgraded version of its mobile operating system after a plot was uncovered to use a so-called digital arms dealer’s spyware to hack into the iPhone of an embattled Middle Eastern human rights activist.

By Donna Goodison, Boston Herald

Apple Inc. is urging its estimated 1 billion iPhone customers to download an upgraded version of its mobile operating system after a plot was uncovered to use a so-called digital arms dealer’s spyware to hack into the iPhone of an embattled Middle Eastern human rights activist.

The commercial spying software, detected by Toronto Internet watchdog group Citizen Lab and San Francisco mobile cybersecurity firm Lookout Inc. took advantage of three previously undisclosed weaknesses in Apple’s iOS operating system to let hackers gain complete control of mobile devices.

Citizen Lab identified Israeli “cyberwar” company NSO Group, which helps governments spy on mobile phones, as creator of the government-exclusive, “lawful intercept” Pegasus spyware.

“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said in a statement. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”

The Pegasus spyware can access mobile devices’ messages, calls, emails, GPS location, logs, calendar data, contact lists, passwords and other information from apps including Gmail, Facebook, Skype and FaceTime.

“Pegasus is the most sophisticated attack we’ve seen on any endpoint, because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile,” Lookout and Citizen Lab said yesterday.

Ahmed Mansoor, a well-known human rights defender and dissident in the United Arab Emirates, alerted Citizen Lab to the spyware after receiving an unusual text message on Aug. 10. Promising to reveal details about torture in UAE prisons, the unknown sender included a suspicious-looking link at the bottom of the message, but Mansoor didn’t bite.

Mansoor, who has been imprisoned, beaten, robbed and had his passport confiscated by authorities over the years, also had repeatedly found himself in the crosshairs of electronic eavesdropping operations, including two previous spyware attacks.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device,” Citizen Lab and Lookout said.

In a statement stopping short of acknowledging the spyware was its own, NSO Group said its mission was to provide “authorized governments with technology that helps them combat terror and crime.” It said it had no knowledge of any particular incidents and would not comment further.

Herald wire services were used in this report.

©2016 the Boston Herald Distributed by Tribune Content Agency, LLC.