Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]
Image copyrightAP – human rights defender Ahmed Mansoor
The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.
The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB
For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/
Sources:
http://www.bbc.com/news/technology-37185544
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)
October 31, 2016 at 17:12
[…] dangers faced by human rights defenders. A recent example is what happened to Ahmed Mansoor [https://thoolen.wordpress.com/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laurea…] but there are many other cases. The staff of the Digital Security Helpline offers free, 24/7 […]
March 21, 2017 at 13:09
[…] In August 2016 Ahmed Mansoor was at the centre of a hacking scandal involving Apple’s iOS operating system [https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…] […]
May 12, 2018 at 11:36
[…] the week.Citizen Lab is the organization that helped Ahmed Mansoor with his iPone spyware in 2016: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…. Miles Kenyon on 11 May provided a run-down of topics and where you can find […]
February 19, 2019 at 11:44
[…] In an open letter released today, 18 February 2019, Amnesty International, Human Rights Watch and five other NGOs urged Novalpina to publicly commit to accountability for NSO Group’s past spyware abuses, including the targeting of an Amnesty International employee and the alleged targeting of Jamal Khashoggi. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…] […]
May 14, 2019 at 17:40
[…] Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…%5D […]
January 6, 2021 at 17:54
[…] piece starts of with some concrete cases such as Ahmed Mansoor [see https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-la…%5D and Rafael Cabrera, [see: […]