Apple Updates iOS To Close Three Separate 0days That Were Being Exploited

from the throw-away-your-phone dept

As you may have heard, if you have an iOS device (iPhone, iPad, even iPod Touch) you should be updating your devices, like a few hours ago. Seriously, if you haven't done it yet, stop reading and go update. The story behind this update is quite incredible, and is detailed in a great article over at Motherboard by Lorenzo Franceschi-Bicchierai. Basically, after someone (most likely a gov't) targeted Ahmed Mansoor, a human rights activist in the United Arab Emirates, with a slightly questionable text (urging him to click on a link to get info about prison torture), a team of folks from Citizen Lab (who have exposed lots of questionable malware) and Lookout (anti-malware company) got to work on the text and figured out what it did. And, basically, the short version is that the single click exploits three separate 0day vulnerabilities to effectively take over your phone in secret. All of it. It secretly jailbreaks the phone without you knowing it and then accesses basically everything.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

So that's great.

The researchers believe they've tracked back the exploit to a secretive hacking company called NSO Group. The full Citizen Lab writeup on all of this is quite fascinating as well. They estimate that this exploit from NSO probably costs in the range of a million dollars on the market, though obviously it's closed now. That doesn't mean that NSO or others don't have other exploits up their sleeves.

The report also notes that this kind of exploit is probably just used by nation states right now, but there's nothing to say that it couldn't move down the stack before too long, letting all sorts of mischievous characters look to basically completely pwn your phone. Pretty scary stuff, and yet another reminder of why it's so dangerous that folks like the NSA are hoarding 0days, rather than revealing them, and that the FBI is trying to force tech companies to break encryption and other tools that are necessary to block these kinds of attacks.

Reader Comments

  • Anonymous Coward, 25 Aug 2016 @ 12:07pm

    Not all bad news

    Hopefully these exploits can be used on unsupported devices to make them more useful after Apple abandoned them.

    • Anonymous Coward, 25 Aug 2016 @ 1:30pm

      Re: Not all bad news

      If by "more useful", you mean "not suitable for internet surfing"... because if you can use them to pwn your own device by visiting a website, anyone else can as well.

      So unless your jailbreak plans include "avoiding the public internet" - I'm not sure it makes them more useful at all. In fact, it basically does the opposite - rendering them "unsafe for any use".

      • Anonymous Coward, 25 Aug 2016 @ 1:50pm

        Re: Re: Not all bad news

        Devices that are supported by Apple don't receive security updates so yes, they are "not suitable for internet surfing". The idea is to turn these bricks back into useful and possibly even secure devices with new software. There are millions of otherwise functioning iOS devices that cannot be improved because Apple holds the key.

        • Anonymous Coward, 25 Aug 2016 @ 1:50pm

          Re: Re: Re: Not all bad news

          Should read "Devices that are not supported by Apple"

        • Anonymous Coward, 25 Aug 2016 @ 4:24pm

          Re: Re: Re: Not all bad news

          Yes, it's really too bad that Apple has locked down the hardware preventing alternative operating systems from being deployed... which would actually make them more useful.

    • JBDragon, 25 Aug 2016 @ 2:56pm

      Re: Not all bad news

      You mean how Apple will support an iPhone for at least 4 years, while Google only suggests 18 months with Android!!! Considering Google releases security updates for Android every month and only a tiny fraction of Android phones even get them, talking about abandonment!!

      • Anonymous Coward, 25 Aug 2016 @ 4:27pm

        Re: Re: Not all bad news

        At least with an Android device, there are 3rd party ROMs that can be used to continue updating and securing the device for years to come.

        I have many such devices.

        Apple, on the other hand, doesn't cut their devices free - rendering them landfill-worthy at best.

      • nasch, 27 Aug 2016 @ 3:46pm

        Re: Re: Not all bad news

        You mean how Apple will support an iPhone for at least 4 years, while Google only suggests 18 months with Android!!!

        Support is up to the carrier. As you say, Google releases security and OS updates but it's up to the carriers to push them out. There are advantages and disadvantages to the Android ecosystem compared to Apple.

    • MrTroy, 26 Aug 2016 @ 12:55am

      Re: Not all bad news

      Create a tool utilising malicious code to try to help people against their will? What could possibly go wrong?

  • I.T. Guy, 25 Aug 2016 @ 12:22pm

    I think there was a typo:
    "The researches believe they've tracked back the exploit to a secretive hacking company called NSO Group."

    Did they mean NSA group?

  • Anonymous Coward, 25 Aug 2016 @ 1:35pm

    Hillary

    Someone needs to let Hillary Clinton know that _maybe_ she doesn't want to use Facetime instead of email in light of this - As she was telling Jimmy Kimmel that Facetime was a GREAT idea.

  • Scott Yates, 25 Aug 2016 @ 1:47pm

    Oh-Day?

    Should the title be ZERO-Day or OH-Day?

  • Anonymous Coward, 25 Aug 2016 @ 2:00pm

    My question is why would an Israeli company be helping the UAE, a country that doesn't recognize Israel as a state?

  • David, 25 Aug 2016 @ 3:25pm

    Please use Zero-day or Zday

    for exploits in headlines. oday, 0day are not very clear.

  • Anonymous Coward, 25 Aug 2016 @ 4:19pm

    Simple Answer

    Leaving vulns unpatched is a crime against everybody, not just your enemies.

  • TRX, 26 Aug 2016 @ 2:38am

    Sounds like a convenient 1-click way to back up all your data...

  • xtrassie, 20 Sep 2016 @ 11:18pm

    Update, why and why not?

    But I still think there's some feature you can update and
    try for, such as 3D Touch, Voice mail transcription, Siri...
