NSO Group has exploited Apple vulnerabilities to disguise itself as Gmail, Facebook, WhatsApp, Skype, the Red Cross, CNN, Al Jazeera and the Pokemon Company to create malicious links.
An Israeli company that is a world leader in cyber warfare was found to help governments, including those of the United Arab Emirates, Mexico and likely Turkey, Israel, Kenya, Saudi Arabia, Hungary and others, hack the iPhones of activists and journalists.
Citizen Lab and Lookout found that the company, NSO Group, has exploited Apple vulnerabilities to disguise itself as Gmail, Facebook, WhatsApp, Skype, the Red Cross, CNN, Al Jazeera and the Pokemon Company to create malicious links.
Once a target clicks on the link, the company can read messages, record sounds, track locations and collect passwords.
Ahmed Mansoor, a human rights activist from the UAE, received a text message with one of the links and showed it to Citizen Lab. Mansoor had been the victim of cyber attacks twice before.
Further investigation revealed that Mexican journalist Rafael Cabrera was also targeted by NSO Group after investigating Enrique Peña Nieto’s family. The resulting report cited other attacks linked back to the company, including in Kenya, Turkey and Qatar.
NSO Group, which is now owned by San Francisco-based private equity firm Francisco Partners Management LLC, wrote to the New York Times: “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations.” The spokesman said that its customers use its software lawfully.
After Citizen Lab informed Apple of the vulnerabilities, Apple released a new, secure version of iOS, 9.3.5, and encouraged users to update to it. The version may not be safe from other vulnerabilities found by the FBI, which did not disclose them to Apple.
“The targeting of these activists and dissidents is a taste of what’s to come,” Citizen Lab researcher Bill Marczak told the New York Times. “What they’re facing today will be faced by ordinary users tomorrow.”