Apple issues security fix to Israeli firm’s iPhone snoop hack


(JTA) — The discovery of an Israeli firm’s secret method of hacking into iPhones and iPads prompted Apple Inc. to issue a patch to fix a security flaw in its products.

The iPhone hack by the NSO Group, an Israeli company that makes software for governments that can secretly target mobile phones and gather information, was discovered after a prominent United Arab Emirates dissident flagged a suspicious internet link sent to his phone, Reuters reported.

The human rights activist, Ahmed Mansoor, forwarded the message to researchers at the University of Toronto’s Citizen Lab. They discovered the first known case of software that can remotely take over a fully up-to-date iPhone 6.

Experts at Citizen Lab worked with the security company Lookout and determined that the link would have installed a program taking advantage of three flaws that Apple and others were not aware of. The researchers disclosed their findings on Thursday.

“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report released on Thursday.

The researchers said they had alerted Apple a week-and-a-half ago, and the company developed a fix and distributed it as an automatic update to iPhone 6 owners.

Apple spokesman Fred Sainz confirmed that the company had issued the patch after being contacted by researchers.

Tools such as the one used by NSO to remotely exploit a current iPhone cost as much as $1 million, according to Reuters.

NSO Chief Executive Shalev Hulio referred questions to spokesman Zamir Dahbash, who said the company “cannot confirm the specific cases” covered in the Citizen Lab and Lookout reports.

Dahbash said NSO abides by export laws in selling to government agencies, which then operate the software.

“The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner,” he added. “Specifically, the products may only be used for the prevention and investigation of crimes.”

Dahbash did not answer follow-up questions, including whether the exposure of the tool’s use against Mansoor in the UAE and a Mexican journalist would end any sales to those countries.

NSO has kept a low profile in the security world, despite its 2014 sale of a majority stake for $120 million to the California private equity firm Francisco Partners. That company’s chief executive, Dipanjan Deb, did not return a call on Thursday. Last November, Reuters reported that NSO had begun calling itself Q and was looking for a buyer for close to $1 billion.

Recommended from JTA