When is a hack not a hack? When an Israeli company sells it as a feature. The company, NSO Group, sells the software to governments, among others.
The software allows the attacker to:
- Control the camera
- Listen to the microphone
- Track the phone’s location
- Intercept text messages
- Intercept emails
- Download the calendar data
- Download your contacts
- Record phone calls and messages from WhatsApp and Viber
- Access iMessage, Gmail, Facebook, Skype and Line apps
- And even extract passwords from the keychain
So much for iPhones being secure.
The software exploits three unknown, or zero-day, bugs; Apple released patches for iOS 9 and iOS 10 beta this week. iOS 9 users should be on version 9.3.5.
The attack is called Trident since it uses three zero-day bugs.
It appears that governments used the software to target journalists and human rights workers. Given this is a business for NSO, who knows who they went after? I assume they had to sell many copies to stay in business.
The software gets loaded via text message. YUP! The attacker sends the victim a text message that looks like it came from The Red Cross or a news organization or even a tech company (Apple, perhaps). If the user clicks on the link in the message, it is, as they say, game over.
NSO pleaded ignorance, of course. They say that their customers sign a piece of paper that says that they are going to use it legally.
Sure, we will work with that. First, how would NSO ever know if their customers used it illegally? Second, what would they do if they did know – sue the government? No, the piece of paper is cover fire in case they get outed, like it appears that they did last week.
One interesting part of this story is that the software uses three zero-day exploits. That is like Stuxnet – which, by the way, also came from Israel, supposedly. Using three zero-days at once is very risky because if you get outed you lose three very valuable assets, not just one or two. And zero-days are hard to come by. At least we think they are. Maybe not?!
So for all you iPhone users, install the patches right away.
Information for this post came from CNN.