A hacking group called NSO Group has been selling iPhone spyware to nation-states, a new report by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs shows.
Earlier today, researchers at the Citizen Lab published evidence that shows how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware. The evidence also points to the NSO Group, an established private cyberarms dealer whose clientele primarily comprises governments.
The NSO Group has been selling spyware that is delivered to mobile devices through a series of critical vulnerabilities in Apple’s iOS mobile operating system. Once established on a device, this tool, known as Pegasus, can survey most of the activities the user performs on their devices. According to the report, Apple says it has fully patched the three vulnerabilities, collectively called Trident, as part of its iOS 9.3.5 update.
Ahmed Mansoor is an internationally recognized human rights defender, blogger, and member of Human Rights Watch’s advisory committee. Mansoor is one of the ‘UAE Five’ who were imprisoned from April to November 2011 on charges of insulting President Khalifa bin Zayed Al Nahyan, Vice PresidentMohammed bin Rashid Al Maktoum, and Crown Prince Mohammed bin Zayed Al Nahyan of the United Arab Emirates.
“After he was released, Mansoor’s passport was confiscated, his car was stolen, and $140,000 disappeared from his bank account. Mansoor is banned from traveling overseas, and his work continues to attract significant harassment and punishment.“ the report details.
“On the morning of August 10, 2016, Mansoor received an SMS text message that appeared suspicious. The next day he received a second, similar text. The messages promised “new secrets” about detainees tortured in UAE prisons, and contained a hyperlink to an unfamiliar website. The messages arrived on Mansoor’s stock iPhone 6 running iOS 9.3.3.” the report explains how the Citizen Lab’s researchers first uncovered the possibility of an attack and origins for further investigation.
So far, little is known about the Isreal-based NSO Group. The Citizen Lab’s report suggested that the group’s nation state clientele includes governments like Mexico, which was reported to use its services in 2014 and seems to be an ongoing customer.
Whatever the case, there’s no better time than the present to get a good VPN.