How a Saudi Woman's iPhone Revealed Hacking Around the World (yahoo.com)
A single activist helped turn the tide against NSO Group, one of the world's most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world. It all started with a software glitch on her iPhone. Reuters: An unusual error in NSO's spyware allowed Saudi women's rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers. The discovery on al-Hathloul's phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time. Al-Hathloul, one of Saudi Arabia's most prominent activists, is known for helping lead a campaign to end the ban on women drivers in Saudi Arabia. She was released from jail in February 2021 on charges of harming national security.
Soon after her release from jail, the activist received an email from Google warning her that state-backed hackers had tried to penetrate her Gmail account. Fearful that her iPhone had been hacked as well, al-Hathloul contacted the Canadian privacy rights group Citizen Lab and asked them to probe her device for evidence, three people close to al-Hathloul told Reuters. After six months of digging through her iPhone records, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target. He said the finding, computer code left by the attack, provided direct evidence NSO built the espionage tool. "It was a game changer," said Marczak. "We caught something that the company thought was uncatchable." The discovery amounted to a hacking blueprint and led Apple to notify thousands of other state-backed hacking victims around the world, according to four people with direct knowledge of the incident.
So has Apple... (Score:4, Interesting)
...actually fixed their damn phones to cut off this vector of exploit, or are they just warning people after the fact?
Re: So has Apple... (Score:5, Informative)
Re: (Score:2)
Apple patched the vulnerability and documented it in CVE-2021-30860. The notification went to other phones found to be compromised by the attack. The iOS that resolved the vulnerability was 14.8. Citation: https://googleprojectzero.blog... [slashdot.org]
Thing is, that means that the phones are secure from us. Companies like NSO can afford to find another and another breach. To stop them would need a serious level of redesign which would cost serious money. Apple's not much more at fault than the rest; Microsoft and Google have the same problem; however that means that the Saudi dissidents, and so many other people will not really be safe as long as we stick with the current generations of software.
Re: So has Apple... (Score:2)
Re: (Score:2, Troll)
"Like I know that women are treated as chattel and have their sexual organs mutilated, by infibulation, and aren't allowed to drive in some places - but you men need to get a perspective on how you are the real criminals - an old white dude held a door open for me - that's the real problem!"
There's a difference between your responsibility for what happens in your own home and what happens in someone else's house. What a surprise.
What is your proposal to solve the problem of oppression in Saudi Arabia? Invade? Another war in the gulf? It seems to me that given that the previous US regime [nbcnews.com] was so close with Saudi and members of that Junta [aljazeera.com] continue to meet with and support the Saudis, just taking a slightly distant approach and being consistent about human rights as the current US government is do
Re: (Score:1)
"Like I know that women are treated as chattel and have their sexual organs mutilated, by infibulation, and aren't allowed to drive in some places - but you men need to get a perspective on how you are the real criminals - an old white dude held a door open for me - that's the real problem!"
There's a difference between your responsibility for what happens in your own home and what happens in someone else's house. What a surprise.
Perhaps in your world. Sorry that you just don't care. You might say that it's difficult to address, but your reply is dismissive of the real issues that women in other parts of the world have to deal with, while the goalposts are continuously moved toward total hatred of men in the west, not for anything they do - but that they exist.
What is your proposal to solve the problem of oppression in Saudi Arabia? Invade? Another war in the gulf?
You call attention to it, and you don't stop calling attention to it. I find it very upsetting for women being mistreated and handled as if they were animals. I can't imagine
Re: (Score:3)
There's a difference between your responsibility for what happens in your own home and what happens in someone else's house. What a surprise.
Perhaps in your world. Sorry that you just don't care. You might say that it's difficult to address, but your reply is dismissive of the real issues that women in other parts of the world have to deal with, while the goalposts are continuously moved toward total hatred of men in the west, not for anything they do - but that they exist.
What is your proposal to solve the problem of oppression in Saudi Arabia? Invade? Another war in the gulf?
You call attention to it, and you don't stop calling attention to it. I find it very upsetting for women being mistreated and handled as if they were animals. I can't imagine why people like you support that sort of thing, or at least just shrug your shoulders with a writ of "Not my problem!"
That's not what I said and you know it fully. I didn't say I don't care - I said that there's a difference between home and distant. That difference is not in terms of importance but in terms of responsibility and approach. You are looking for an excuse to ignore the things that you are doing by pointing out that someone, somewhere else, is doing something worse. If I start to point out problems in someone else's society then I should work with the people in that society that are fighting against the proble
Re: (Score:2)
Perhaps in your world. Sorry that you just don't care. You might say that it's difficult to address, but your reply is dismissive of the real issues that women in other parts of the world have to deal with, while the goalposts are continuously moved toward total hatred of men in the west, not for anything they do - but that they exist.
What is your proposal to solve the problem of oppression in Saudi Arabia? Invade? Another war in the gulf?
You call attention to it, and you don't stop calling attention to it. I find it very upsetting for women being mistreated and handled as if they were animals. I can't imagine why people like you support that sort of thing, or at least just shrug your shoulders with a writ of "Not my problem!"
That's not what I said and you know it fully. I didn't say I don't care - I said that there's a difference between home and distant.
Then again, you didn't say that you care.
You are looking for an excuse to ignore the things that you are doing by pointing out that someone, somewhere else, is doing something worse.
Could you show where I said that?
It is true that I consider the concept of microaggression and its need for suppression as symbolic of an attempt to make weakness a virtue.
But you see, it is apparently not allowed to ask why we don't hear more from the feminist movement about verifiable physical and mental cruelties visited on women in other parts of the world.
"Microaggressions" are not relevant to people who are being raped and tortured and bringing a US local discussion into this conversation is frankly sick.
And I would respond by saying that it is apparently not relevant to people worried about microagressi
Re: (Score:2)
You are looking for an excuse to ignore the things that you are doing by pointing out that someone, somewhere else, is doing something worse.
Could you show where I said that?
Oh sure. Unlike you I'm not a bullshit merchant that keeps avoiding the topic at hand. Let's look at your first comment:
It's exactly here, in your original [slashdot.org] comment which was highly rated but, now rightly has been modded down as a troll. You came into an
Re: (Score:2, Offtopic)
And with children working for cents an hour in many countries, what's with spoiled brats like you asking your boss for vacation time and a raise over your already luxuriant salary?
Re: (Score:2)
And with children working for cents an hour in many countries, what's with spoiled brats like you asking your boss for vacation time and a raise over your already luxuriant salary?
Non sequitur of the week.
Re: (Score:3)
Non sequitur of the week.
Difficult for you to connect? Let me draw in the shape for you.
The person being paid pennies in a far away country has far more need of money than you. You have tried to make it clear nobody should worry about issues of equality in the "west" whilst there are bigger issues of equality in places like Saudi. If you were not a hypocrite you would, before you worried about increasing your own salary first ensure that everyone else in the world had a salary at least as fair as yours. Do you not care? "You repuls
Re:Never understood (Score:4, Insightful)
This sentiment is part of the problem I'm afraid.
Sexism like you describe as trivial leads to bigger things and misogyny. You are right, what seems common courtesy from one perspective doesn't seem significant. However, separating a group of people out to treat differently IS the issue. It creates an "us versus them" situation and allows for objectification and suppression and different treatment because it IS different treatment (just apparently benign).
I used to not feel it wasn't significant and even gracious too until more life experience showed how these individual grains of sand lead to the big piles.
My SO used to work for a family who had a young boy who was not just disrespectful, but more demandingly abusive, and she replied something to the effect of, "I don't speak to you that way, who do you know speaks to anyone that way?" His mother overhearing in the kitchen replied, "His father speaks to me that way". This child, late single digits of age, already uses misogyny in his regular life.
So yes, please hold the door for people, men and women, if a woman reaches out to take it herself so you can go through, please accommodate her graciously, she might want to watch your ass walk instead of have you ogle her ass as she walks by.
Part of improving the situation here is helps contrast issues there. People are working to try to improve such issues there too. The two problems are not exclusive!
Re: (Score:2)
This sentiment is part of the problem I'm afraid.
Sexism like you describe as trivial leads to bigger things and misogyny.
Here's a little slice of truth. I cannot make everyone like me, or share my principles. I'm a pale skinned CISgendered male in my 60's.
There are people who call themselves inclusive, yet hate people because of their "race", sex, and skin color.
https://www.salon.com/2015/12/... [salon.com] I suspect some of them might even cheer this bit of news. https://pubmed.ncbi.nlm.nih.go... [nih.gov] We do kill ourselves at a higher rate than anyone else.
Does that harm me? Not really. I do like to point out hypocrisy, and detest ra
Re: (Score:2)
Actually in the US (I assume that is "over here") if you treat a woman just like a male in software development you're likely to be castigated for it. Because white patriarchy (or something like that - amusing because where I've worked in recent decades, white folks were a small minority).
If your code sucks and is causing a serious customer problem, I'm not sugarcoating the source of the problem or masking it. Yet, in all my years in the industry, in such situations I've never heard of a man complaining to management that they were being mistreated "because they were a man". However when women have been treated identically there have been numerous times when they have complained to management claiming that they were mistreated "because they were a woman".
If I rely on you to resolve a customer crisis when needed and you're the best person to do it - even if it means working 36 hours straight - you will be rewarded. If you can't dedicate the effort to reach that level, that's fine -- but don't expect to attain the same stature as a coworker who has broadened their horizons, expanded their knowledge of edges of the system outside "their piece", and groks the customers' situations because they stepped up to the plate in such situations and hit a triple or a home run while you've never even been seen in the batter's box. I don't care for what reason you're not engaging and seeking out such opportunities is. It doesn't matter to me if it's because "you have a family", "you need to go to church", "you feel like taking a vacation", or "you need to go home to take care of your kids". If you're not growing professionally as quickly as someone else and/or not contributing as much, you're unlikely to advance as quickly or as far -- and that's not because of your gender, sex, race, or religion, it's because of your contributions and potential future growth.
Too often, now, equality is not what feminists are demanding, they are demanding special treatment. If you choose to take time off or reduce your contributions while your kids are young, your experience and/or contributions will be less -- I don't care if you're a single father, a single mother, the father in a relationship where the father bears much of the burden of raising the kids while the mother is the primary "breadwinner", or the mother in a relationship where the mother bears much of the burden of raising the kids while the father is the primary "breadwinner". If your life choices ended up with you, regardless of gender, taking more time off or engaging less when working, you probably won't do as well -- I don't care if you're male, female, non-binary, or whatever other label you choose to apply to yourself.
Wasn't sure where to trim, but yes. Equality has morphed into demands that workplace men conform to the ladies' demands. I was paid around 3 times what the ladies in my group were paid.
Despite identical job descriptions, they refused to come in to work early, or stay late, work on weekends, do remote work, do dangerous work, or interact with mahogany row.
I would.
They cited the regular reasons as you noted - had to get home to take care of the children, had to make dinner for the family, and became rem
Re: (Score:2)
Americans aren't racist and whatnot, because some other place is also bad.
Whatabout if we had such a term for such obvious distractions?
Whatabout if you are so challenged that you don't understand that my post was a dig at American feminists who are most all silent about actual violence against women in some other countries while turning really small slights into such soul damaging destructions that they become suicidal.
Hint: Whataboutism is defense of a wrong by pointing out that another group also engages in a wrong.
It's like saying "Russia is engaging in empire building in eastern Europe", then a reply comes in "So? America has done
Unclear writing (Score:3)
The original article's writing is notoriously poor and ambiguous.
What is "malicious image file"? Image as in JPG file? or as in an ISO / OS file?
Outside politics (and maybe economics) journalists really don't have a clue...
Re:Unclear writing (Score:5, Insightful)
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html/ [blogspot.com]
Re: (Score:2)
Holy crap, they implement a full machine stack into an image file and used that virtual machine to carry out an attack on the memory on the host machine, that is bloody brilliant, someone was paying attention in their assembler class =)
Re: (Score:2)
The moral of the story: (Score:2)
Unit testing may be a pain but it's value outweighs it's costs. ;)
Re: (Score:1)
"Unit testing may be a pain but it is value outweighs it is costs."
Re: (Score:2)
Unit testing may be a pain but it's value outweighs it's costs. ;)
In this case the unit tests probably passed. It was likely the specifics of the device that the code ended up running on which made it behave differently from on the original device. You need more than unit tests to have a chance to pick that up.
Uh great (Score:5, Funny)
Glad to see genuine cooperation between Israel and the Arab nations.
Hmm (Score:4, Interesting)
More worried about the Android variant, and whether antiviral software will detect it.