An Israeli technology company has been accused of creating and supplying an aggressive interception program capable of taking over Apple’s iPhones and turning them into remote spying devices after allegedly targeting a Middle Eastern human rights activist and others.
The discovery, announced on Thursday, prompted Apple to issue an urgent software update to block the exploitation.
The capability was revealed as the company said to be responsible for the product – a startup reportedly set up by former members of the Israeli military’s Unit 8200 electronic surveillance establishment – declined to deny it was behind the spyware.
The security hole might have gone unpatched had it not been for the awareness of an embattled human rights activist in the United Arab Emirates. The spyware, which is lawful, was identified by the University of Toronto’s Citizen Lab after Ahmed Mansoor, who in the past has been arrested, tortured, and prevented from traveling abroad, sent the lab a suspicious link that has been texted to him. He has been the target of previously attempted hacks.
Citizen Lab described the UAE government as being “the likely operator behind the targeting” and traced the spyware to Israel’s NSO Group, which creates and sells spying software to clients, including foreign governments.
NSO’s chief executive, Shalev Hulio – who reputedly served in the controversial Unit 8200 – referred questions to a spokesman, Zamir Dahbash, who said the company “cannot confirm the specific cases” covered in the reports.
Dahbash said NSO made sales within Israeli export laws to governments, which then operated the software. “The agreements signed with the company’s customers require that the company’s products only be used legally. Specifically, the products may only be used for the prevention and investigation of crimes.”
Israeli government agencies and private tech firms have aggressively embraced cyber warfare both for spying and launching attacks, with officials in the past boasting they believe they are 15 years ahead of the rest of the world in military cyber capability.
However, the close connection between Israel’s military cyber units and its alumni who go on to set up startups or develop technology in the private sector has led to concerns that some companies are bringing about the proliferation of cyber warfare tools.
In a statement on Thursday, Citizen Lab – working with Lookout, a security firm – described the attempted hack as bearing the hallmarks of a previous piece of spyware developed by NSO.
According to Mansoor, he was sent text messages on his iPhone on 10 and 11 August promising “new secrets” about detainees tortured in UAE jails if he clicked on the link provided. Instead, he forwarded them to the Toronto-based researchers.
“We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive ‘lawful intercept’ spyware product,” Citizen Lab said in a statement.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.”
The market for “lawful intercept” or government hacking tools has increased scrutiny with revelations about authoritarian customers and noncriminal victims.
The Citizen Lab researchers condemned the use of sophisticated “lawful spyware” developed privately in democracies but sold to states despite export controls.
NSO marketing material says it also has capabilities for Android and BlackBerry devices. No version of the software has been exposed, indicating it remains effective.
Mansoor is an internationally recognized human rights defender and a recipient of the Martin Ennals award – sometimes referred to as a “Nobel prize for human rights.”