Apple has issued an emergency security updates to protect customers against hacking technology developed by an Israeli spyware company. The update comes just a week after the University of Toronto’s cybersecurity organization Citizen Lab found an advanced form of the spyware on a Saudi activist’s iPhone.
Earlier this year an investigation by the French nonprofit Forbidden Stories found that authoritarian governments had targeted journalists, dissidents, and activists using Pegasus hacking technology. Pegasus, which was developed by the Israeli technology firm NSO Group, enables users to extract information from iPhone and Android devices. Saudi Arabia and the UAE were among the governments who used the malware, surveilling the family of the late Washington Post journalist Jamal Khashoggi, before and after his murder. A series of New York Times investigations beginning in 2016 found the spyware on phones of Emirati activists and lawyers investigating the kidnapping and murder of 43 Mexican students.
The New York Times reports that over 1.65 billion Apple users have been vulnerable to the hacking since at least March. “In the past, victims learned their devices were infected by spyware only after receiving a suspicious link texted to their phone or email, and sharing the link with journalists or cybersecurity experts,” explains NYT cybersecurity reporter Nicole Perlroth. “But NSO’s zero-click capability meant victims received no such prompt, and the flaw enabled full access to a person’s digital life. Such abilities can fetch millions of dollars on the underground market for hacking tools, where governments are not regulators but are clients and are among the most lucrative spenders.”
“Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies,” said the Citizen Lab group in a statement. “Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”
“Our finding also highlights the paramount importance of securing popular messaging apps,” it continued. Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them. As presently engineered, many chat apps have become an irresistible soft target. Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited.”
I understand that tools for totalitarians is a growth industry in some parts of the world.
‘despotism-as-a-service’
This sums up the ‘Upstart Nation’ quite aptly.
”Hello. We’re Israel, ‘The Upstart Nation®‘. We’ll train your police force to kneel on the necks of your civilians or just shoot them in the knee, militarize your police department, and treat every citizen as potential “terrorists”. You need weapons, drones, or vehicles to carry out your despotism? We’ll sell them to you. You need CIA, NSA, and Shin Bet levels of surveillance to spy on and monitor any or all civilian actors that dare to resists? We have that too. Pick from our extensive bouquet of plans or hold to speak to a representative who can prepare a fully customized plan tailored your specific despotic needs. Thank you for calling ‘The Upstart Nation®’, it has been an honor spying on you… errr… talking to you today.”