- IT security researchers have analysed the most spectacular hack of the iPhone so far.
- The attackers were able to find three vulnerabilities in Apple systems and exploit them.
- For such attacks, governments pay up to a million and a half dollars.
After two hours in front of the screen, it becomes clear to Max Bazaliy that he has just analysed computer code of a kind that IT security researchers only rarely get to see. Code so critical that companies pay a lot of money for it.
Bazaliy works for the company Lookout, which specializes in the security of smartphones. He spends several more hours at his computer until he is sure. “I’ve noticed that very strange things happen,” says the 29-year-old in a conversation in Hamburg at the end of 2016, on the sidelines of the hacker conference 33c3. On the night that he sees the code, he calls his boss. It is very urgent.
The code, which will keep him busy for several weeks from mid-August, can apparently gain full access to other people's iPhones: accessing Skype conversations, reading e-mails, logging keystrokes. Even more is possible. “I was very impressed. The attack is extremely clever,” says Bazaliy. His colleague put it this way in an interview with Vanity Fair: “With every line it was: ‘Oh shit, this can’t be true. Oh shit. Oh shit.’ So it went on and on.”
An unusual case of espionage
It is the first publicly documented case in which an iPhone can be operated by unauthorised persons, who could even be located at the other end of the world. An exceptional case of espionage that exploits three weaknesses of the device. In boxing you would say: two short straights, then the uppercut, and the iPhone's defence is knocked out.
Ironically, this is the smartphone that also enjoys an excellent reputation for security, because Apple controls both hardware and software, in contrast to most manufacturers of Android phones. Apple’s advantage: when security gaps are found, they can be closed relatively quickly with an update. That makes attacks harder. Apple responded in a hurry in August 2016. Within two weeks, the gap was closed.
Bazaliy analysed the technical details of the attack; IT security researchers from the research group Citizen Lab in Canada analysed the political dimension. Only the two studies together gave a clear overall picture.
Multi-billion dollar shadow market for spying software
It shows that in recent years a shadow market has emerged worldwide in which aggressive computer code is traded. There are only a few estimates of how many billion euros a year are turned over through the sale of spying software. In 2012, it was said that five billion dollars were already being turned over annually.
States and their police authorities buy in this market. What hackers find with a lot of work and sell for good money is also used by oppressive regimes to spy on dissidents. So too in the case of “Pegasus”, as professionals call the major attack on the iPhone.
The actual target of the attack is Ahmad Mansour. He lives in the United Arab Emirates, where he argues with the state on behalf of its citizens. For his work he was awarded a human rights prize by, among others, Amnesty International and Human Rights Watch. In the Emirates, he was imprisoned and beaten, and his passport was confiscated. And at least three times, attempts were made to monitor his communications.
In August 2016, Mansour gets an SMS from an unknown number. It says: “New secrets about Emirati citizens who were tortured in prisons”. It sounds like a topic that should be of interest to the human rights activist. A link is included. It is a classic phishing message, in which attackers try to lure victims with a targeted message. The SMS is tailored so that the recipient clicks on the link and downloads spying software onto the smartphone without being aware of it.
“For me, it is quite normal to doubt even the doubts”
Mansour had already fallen twice for a comparable phishing trick. This time he did not click on the message. “I have seen almost all forms of monitoring software, all the hacking techniques. For me it is quite normal to doubt even the doubts,” he said in an interview with Motherboard.
Instead, he forwarded the message to Bill Marczak of Citizen Lab. In previous years, the IT security researchers there had uncovered the machinations of companies that offer surveillance as a service. These companies sell not only the vulnerabilities, but also provide technical support services. Marczak looked at the code Mansour had forwarded and passed it straight on to Bazaliy, the specialist at Lookout. The company specializes in the security of iOS devices.