No, we’re not trying to lure you in with a fear mongering headline: a security flaw has been discovered in Apple’s iOS that allows spyware to be installed on your phone just by clicking a link.
The flaw was discovered after hackers botched an attempt to implant spyware on the phone of Arab lawyer and activist, Ahmed Mansoor.
Mansoor – one of the ‘UAE Five’, arrested and imprisoned for eight months in 2011 for ‘insulting’ President Khalifa bin Zayed Al Nahyan – received text messages that promised to reveal “secrets” about dissidents being tortured in the UAE. He just needed to tap a link provided in the message to be provided with further information.
Suspicious of the messages’ content, Mansoor sent them to security researchers at the Citizen Lab. They discovered that the links would initiate a download of software that would effectively ‘jailbreak’ Mansoor’s iPhone 6, leaving it vulnerable to being overridden remotely. You can read about how it would have gone about opening up Mansoor’s phone here.
“Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab told the BBC.
“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.”
The scope and sophistication of the spyware has caused Apple to respond immediately, releasing an update (iOS 9.3.5) that counters against similar threats.
Researchers at Citizen Lab believe the spyware is the creation of Israeli ‘cyber-war’ company, NSO Group. Researchers believe that someone will have paid for Mansoor’s phone to be targeted. Give it a few days and we’ll probably be reporting that Sony has acquired the rights to make the film.
In summary: always update your phone to ensure you’ve got the most recent security measures, don’t click links from unknown sources and never believe your phone is totally secure.