Apple urges iPhone users to update after powerful cyberweapon is found by Online Security

SAN FRANCISCO – Apple on Friday urged iPhone owners to install a security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by malware dealers.

Researchers at the Lookout mobile security firm and Citizen Lab at the University of Toronto said they had uncovered a three-pronged attack targeting the dissident’s phone “that subverts even Apple’s strong security environment.”

 

Lookout and Citizen Lab worked with Apple on an iOS patch to defend against the attack, called Trident because of its triad of methods, the researchers said in a joint blog post.

“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said in a released statement.

 

Trident is used in spyware referred to as Pegasus, which a Citizen Lab investigation showed was made by an Israel-based organization called NSO Group. NSO was acquired by the U.S. firm Francisco Partners Management six years ago.

Lookout referred to Pegasus as the most sophisticated attack it has seen, accessing calls, cameras, email, passwords, apps and more.

 

The spyware was detected when used against Ahmed Mansoor, a human rights activist who has been repeatedly targeted using spyware.

After receiving a suspicious text with a link, he reported the matter to Citizen Lab, which worked in conjunction with San Francisco-based Lookout to research the affair.

 

“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” the joint blog post said. “This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”

 

Mansoor received text messages on Aug. 10 and 11 promising that secrets about detainees being tortured in United Arab Emirates jails could be accessed by clicking on an enclosed link, researchers said.

Had he fallen for the ruse, the Trident chain of heretofore unknown “zero-day exploits” would have broken into his iPhone and installed snooping software.

 

Once infected, Mansoor’s iPhone would have been turned into a “spy in his pocket” capable of tracking his whereabouts and conversations, Citizen Lab said.

Mansoor was targeted five years ago with FinFisher spyware and again the following year with Hacking Team spyware, according to Citizen Lab research.

 

“The use of such expensive tools against Mansoor shows the lengths that governments are willing to go to target activists,” the researchers said.

Although the cyberattack on Mansoor was not linked to a specific government, Citizen Lab said indicators pointed to the UAE.

 

UAE authorities did not comment on the matter.

 

Lookout and Citizen Lab believe the spyware has been “in the wild for a significant amount of time.”

“It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android and Blackberry.”

 

Citizen Lab has also found evidence that “state-sponsored actors” used NSO weapons against a Mexican journalist who reported on high-level corruption in that country and on an unknown target in Kenya.

The NSO tactics included impersonating sites such as the International Committee of the Red Cross, the British government’s visa application processing website and a wide range of news organizations and major technology companies, the researchers said.

 

Mansoor’s decision to enlist Citizen Lab instead of falling into the trap gave researchers a rare chance to expose the work of “shady cyber arms dealers” who command high prices for morally questionable services, said Lookout’s vice president of security research, Mike Murray.

 

Invoices posted online have shown that hackers can charge tens of thousands of dollars per target hit with their software.

“The smartphone is a valuable target, and breaking into it is a valuable skill set,” Murray said. “People who can do this, and with wiggle room in their moral code, have realized the business opportunity.”

 

NSO Group has been around since 2010, and the capture of one of its weapons was billed as a first.

Studying Trident has helped cyberdefenders find ways to spot spyware that had been operating unseen, and they are “actively catching it in the wild now,” Murray said.

 

He declined to reveal anything about other targets, saying that they were people likely to be under surveillance in other ways by local authorities.

Citizen Lab saw the attack on Mansoor as further evidence that “lawful intercept” spyware has significant abuse potential, and that some governments can’t resist the temptation to use such tools against political opponents, journalists and human rights defenders.

Top Story: Apple customers targeted with massive email scam by Oakmere Road

There has been an alarming number of phishing scams identified this year, and these emails are getting more clever and realistic than ever.

 

The latest phishing email you need to keep an eye out for disguises itself as an iTunes email. Much like the Amazon phishing scam we showed you, this email claims that you have been overcharged for a download purchase: $25 for one song, which usually costs $1.99 or less, or $45 for the Netflix app.

 

The email will show you a very official-looking billing statement and will encourage you to click a link that says, “Cancel andx Manage Subscriptions.” But, because you’re a Komando.com reader, you’ll notice the typo in the link and know that’s red flag number one.

 

Whatever you do, don’t click that link. It could take you to a malicious site that can steal all of your valuable information, and then it’s game over.

 

If you think you really might have been overcharged, check your bank statements first before clicking any links.

 

Just being in the know about these emails is step one. There are other steps you can take to keep yourself safe from these phishing attempts. If you see an email like this in your inbox:

 

– Be sure to exercise caution before you click on anything. Hover over any links and see where they direct before you click. If the links provided go to a website, don’t click them. Navigate to the company’s site yourself without the link.

– Take some time and try to spot the typos.

– Practice multi-level authentication, which means you have at least two forms of verification, such as a password and a security question, before you log into any sensitive accounts.

– Another step is to have an internet security system. We recommend our sponsor Kaspersky Lab. Software from Kaspersky Lab can recognize and block ransomware. Even if it’s a new or unknown version of ransomware, Kaspersky Lab can figure out that the program is doing something it shouldn’t. Kaspersky Lab will stop it from running and will roll back any files that were encrypted to a previous non-encrypted version. Of course, Kaspersky Lab software also helps filter out and warn you about phishing scams, so your odds of downloading a ransomware virus are slim. Get this protection, and so much more, with Kaspersky Total Security.