All Mansoor, a human rights activist, received a suspicious text message that appeared on his iPhone which urged him to click the link provided to reveal details about torture in the United Arab Emirates’ prisons, reported The Associated Press.
However Mansoor reported it to Citizen Lab, an internet watchdog, and didn’t take the bait. This action exposed a secretive Israeli cyberespionage firm after a chain reaction. This secretive firm is a defanged a powerful new piece of eavesdropping. This finally led to an extra boost to their digital security for millions of iPhone users across the world.
“It feels really good,” Mansoor said in an interview from his sand-colored apartment block in downtown Ajman, a small city-state in the United Arab Emirates.
He hoped the developments “could save hundreds of people from being targets,” Mansoor said while cradling his iPhone to show The Associated Press screenshots of the rogue text.
A highly targeted form of spyware crafted to take advantage of three previously undisclosed weaknesses in Apple’s mobile operating system was hidden behind the link in the text message.
How the program could completely compromise a device at the tap of a finger was outlined by two reports issued Thursday, one by Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs and another by Lookout, a San Francisco mobile security company. Eavesdropping on calls, harvesting messages, activating the users camera and drain the phone’s trove of personal data were the potential things that the hackers could have done with his phone if Mansoor had touched the link.
Working at a blistering pace for which the Cupertino, California-based company was widely praised as Apple Inc. issued a fix for the vulnerabilities Thursday just ahead of the reports’ release.
The reports were disturbing, said Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands. The malicious program targeting Mansoor was described as a “serious piece of spyware” by forensics expert Jonathan Zdziarski.
Salling for a free press and democratic freedoms, Mansoor has repeatedly drawn the ire of authorities in the United Arab Emirates. With close links to foreign media and a network of sources, he is one of the country’s few human rights defenders with an international profile. His job, his passport and even his liberty have been at stake due to Mansoor’s work.
Electronic eavesdropping operations were repeatedly targeted towards Mansoor whenever he went online. Mansoor already had weathered attacks from two separate brands of commercial spyware even before the first rogue text message pinged across his phone on Aug. 10.
Citizen Lab researcher Bill Marczak realized he’d been targeted by a third when he shared the suspicious text with them.
The author of the spyware was signaled out to be a secretive Israeli firm, NSO Group, by Citizen Lab and Lookout. The United Arab Emirates’ government was likely behind the latest hacking attempt since it had targeted Mansoor in the past also, Citizen Lab said.
(Adapted from Bloomberg)