Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

This entry was posted on August 29, 2016 at 10:17 and is filed under awards, human rights, Human Rights Defenders, MEA.

Tags: , , , , , , , , , , , , , , ,

2 Responses to “Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt”

  1. Protecting human rights defenders from hackers and improving digital security | Hans Thoolen on Human Rights Defenders Says:

    October 31, 2016 at 17:12

    […] dangers faced by human rights defenders. A recent example is what happened to Ahmed Mansoor [https://thoolen.wordpress.com/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laurea…] but there are many other cases. The staff of the Digital Security Helpline offers free, 24/7 […]

    Reply
  2. Ahmed Mansoor, MEA Laureate 2015, arrested in middle-of-the-night raid in Emirates | Hans Thoolen on Human Rights Defenders Says:

    March 21, 2017 at 13:09

    […] In August 2016 Ahmed Mansoor was at the centre of a hacking scandal involving Apple’s iOS operating system [https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…] […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this: