| The texts had been sent to human rights activist Ahmed Mansoor |
Flaws in Apple's iOS operating
system have been discovered that made it possible to install spyware on a
target's device merely by getting them to click on a link.
| The spyware would have been installed if Mansoor had tapped on the links |
The lawyer, Ahmed Mansoor, received the text messages on 10 and 11 August. The texts promised to reveal "secrets" about people allegedly being tortured in the United Arab Emirates (UAE)'s jails if he tapped the links.
Had he done so, Citizen Lab says, his iPhone 6 would have been "jailbroken", meaning unauthorised software could have been installed. "Once infected, Mansoor's phone would have become a digital spy in his pocket, capable of employing his iPhone's camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements," said Citizen Lab.
"We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find." The researchers say they believe the spyware involved was created by NSO Group, an Israeli "cyber-war" company.
"[It is] the most sophisticated spyware package we've seen," said Lookout. "It takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile always connected (wi-fi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists."