iOS: Malware Pegasus had extensive access
Security experts at Lookout were aghast when they found a professionally programmed malware that seems to have infected an unknown number of iOS devices over the last months. A rather simple attack allows the malware to gain extensive access to phone functionality and user data.
The flaw had been discovered by the Citizen Lab of the Munk School of Global Affairs, Canada. The Citizen Lab is an institution that looks into the connections between IT and human rights. They in turn were informed about a strange text message on the phone of Saudi Arabian human rights activist Ahmed Mansoor. In the text, Mr. Mansoor was asked to click on a link to get further information about victims of torture. He didn't click, however, and instead forwarded the text to the Citizen Lab.
They were able to connect the link to NSO Group, a company from Israel that you might call a cyber weapon manufacturer. This company sells Pegasus, an allegedly legal spyware intended only for governments. As Mansoor had been a target of persecution by the Saudi Arabian government and Pegasus is allegedly only sold to governments, it seems quite obvious who was behind the text message containing the link.
The exploit chain that would have followed a click on the link has been researched by the Citizen Lab in cooperation with Lookout. It seems to be a first in the sense that the second step would have been a remote jailbreak that circumvented iOS's built-in security systems and gave the attacker extensive access rights on the smartphone.
As a next step, they could have transferred and executed harmful code on the phone without the user noticing. Thus they could have saved passwords, read the user's keyboard input, traced calls and recorded them, taken photos or determined the position of the smartphone. In short: they might have been able to follow every action on that iPhone.
The attack is interesting because Apple is the exclusive manufacturer of iOS devices and thus has a firm grip on security. That is also the reason why exploits like this one are expensive, involve a lot of work and are quite rare.
The Citizen Lab and Lookout informed Apple immediately, and the company has released a patch, iOS 9.3.5, that closes all the security flaws used in the attack. Users are advised to make sure their iPhone has the latest software installed.