An Israeli secret cyber weapon selling company that sells hacking services to government officials so they can keep track of people like journalists and dissidents, exploited gaping security loops in iPhone software, according to a report byLookout Security and Citizen Lab. But don’t worry: Apple just pushed a fix.
The New York Times reports:
The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user.
This is about as bad as it gets. Apple released a patch yesterday to fix these massive security problems, and you should download it immediately.
Other orgs spoofed by NSO via lookalike domains include YouTube, Facebook, Google, Univision, BBC, CNN and AlJazeera pic.twitter.com/nIwKNVDnNC
— Christopher Soghoian (@csoghoian) August 25, 2016
— Edward Snowden (@Snowden) August 25, 2016
Lookout security researcher Mike Murray explained the scary exploit in an interview with Motherboard. “We realized that we were looking at something that no one had ever seen in the wild before,” Murray said. “Literally a click on a link to jailbreak an iPhone in one step. One of the most sophisticated pieces of cyberespionage software we’ve ever seen.”
This level of sophistication in malware has never been seen before, and it was used to target human rights activist Ahmed Mansoor, according to Citizen Lab. Mansoor, who has been the target of surveillance since 2011, discovered the malware when he was sent a suspicious link via claiming to have more details on people being tortured in the United Arab Emirates. The link would have actually installed the sophisticated malware on Mansoor’s phone.
Anything can be hacked, of course, and companies like Apple will always be playing catch up when it comes to locking down their devices from well funded hackers like NSO. But for now, you should definitely update your iPhone.
Apple sends new iOS 9.3.5 update for security holes in iOS 9.3.4. The update comes with 39.8 MB of data.