Apple has rushed out a patch for its mobile operating system, iOS, after malware—reportedly developed by an Israeli firm that sells spying software to governments—was able to remotely surveil an up-to-date iPhone 6.
The attack attempts to encourage users to open a URL via text message. When that link is followed, the attack uses three individual zero-day flaws to leverage a weakness in Safari’s browser engine, which enables access to the operating system’s kernel and installation of malware to effectively jailbreak the iPhone. From that point on, the malware can be used to spy on virtually every aspect of the phone’s use, from phone calls and text messages to calendar data and video feeds.
This appears to be the first known example of hackers having the ability to remotely jailbreak an iPhone 6, and Motherboard claims that it’s the first iPhone attack of this kind. The vulnerability was identified by researchers at the University of Toronto's Citizen Lab after Ahmed Mansoor, a human rights activist and United Arab Emirates dissident, was targeted using the attack.
The Citizen Lab team claims that the malware was developed by the Israeli firm NSO Group, which creates spy software for governments. It’s no secret that NSO makes software capable of surveilling smartphones: in 2014, the Wall Street Journal reported that an NSO slide claimed to provide technology that “allows remote and stealth monitoring and full data extraction from remote devices via untraceable commands.” It’s currently unclear who exactly used the malware to target Mansoor.
Reuters suggests that such a piece of software, able to spy on an up-to-date iPhone 6, could retail for as much as $1 million.
Citizen Lab researchers informed Apple of the vulnerability over a week ago, and the iPhone maker has released a patch for devices running iOS 9. Apple claims devices running up-to-date beta versions of iOS 10 are unaffected.
Apple recently announced a bug-bounty program, which will see it pay out up to $200,000 for (invited) hackers who manage to identify the kinds of flaws leveraged by this malware. Perhaps it should’ve started sooner.
The miracle molecule that could treat brain injuries and boost your fading memory
Discovered more than a decade ago, a remarkable compound shows promise in treating everything from Alzheimer’s to brain injuries—and it just might improve your cognitive abilities.
This scientist now believes covid started in Wuhan’s wet market. Here’s why.
How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.
The US crackdown on Chinese economic espionage is a mess. We have the data to show it.
The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals.
A horrifying new AI app swaps women into porn videos with a click
Deepfake researchers have long feared the day this would arrive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.