Hackers have been breaking into iPhones allegedly using a powerful spy tool sold to governments and taking advantage of a previously unknown vulnerability in the popular messaging app WhatsApp.
The hacking tool, as well as the WhatsApp exploit, were made by the infamous Israeli hacking and surveillance tool vendor NSO Group, according to The Financial Times, which first reported the story on Monday. WhatsApp found out about the flaw—and eventually patched it—after a victim got in touch with the digital security research group Citizen Lab, which in turn warned the Facebook-owned company.
The incident called into question the much vaunted security of the iPhone, a device considered by many to be the most secure consumer device on the planet. Some iOS security experts say this is yet another incident that shows iOS is so locked down it’s hard—if not impossible—to figure out if your own iPhone has been hacked.
“The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher that specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
As of today, there is no specific tool that an iPhone user can download to analyze their phone and figure out if it has been compromised. In 2016, Apple took down an app made by Esser that was specifically designed to detect malicious jailbreaks. Moreover, iOS is so locked down that without hacking or jailbreaking it first, even a talented security researcher can do very little analysis on it. That is why security researchers crave expensive iPhone prototypes that have security features disabled, as a Motherboard investigation revealed earlier this year.
Claudio Guarnieri, a technologist at Amnesty International, who found that a colleague of his was targeted by NSO spyware last year, said that the “irony” is that there are better tools for attackers who want to do forensics on iOS—such as Cellebrite and GrayShift—than for defenders who want to help victims……Read more>>