Security

How a Saudi Woman's iPhone Revealed Hacking Around the World (yahoo.com)

A single activist helped turn the tide against NSO Group, one of the world's most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world. It all started with a software glitch on her iPhone. Reuters: An unusual error in NSO's spyware allowed Saudi women's rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers. The discovery on al-Hathloul's phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time. Al-Hathloul, one of Saudi Arabia's most prominent activists, is known for helping lead a campaign to end the ban on women drivers in Saudi Arabia. She was released from jail in February 2021 on charges of harming national security.

Soon after her release from jail, the activist received an email from Google warning her that state-backed hackers had tried to penetrate her Gmail account. Fearful that her iPhone had been hacked as well, al-Hathloul contacted the Canadian privacy rights group Citizen Lab and asked them to probe her device for evidence, three people close to al-Hathloul told Reuters. After six months of digging through her iPhone records, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target. He said the finding, computer code left by the attack, provided direct evidence NSO built the espionage tool. "It was a game changer," said Marczak. "We caught something that the company thought was uncatchable." The discovery amounted to a hacking blueprint and led Apple to notify thousands of other state-backed hacking victims around the world, according to four people with direct knowledge of the incident.

  • So has Apple... (Score:4, Interesting)

    by TWX ( 665546 ) on Friday February 18, 2022 @02:04PM (#62280785)

    ...actually fixed their damn phones to cut off this vector of exploit, or are they just warning people after the fact?

  • by sombragris ( 246383 ) on Friday February 18, 2022 @02:32PM (#62280897) Homepage

    The original article's writing is notoriously poor and ambiguous.
    What is a "malicious image file"? Image as in a JPG file? Or as in an ISO / OS file?
    Outside politics (and maybe economics) journalists really don't have a clue...

  • Unit testing may be a pain but it's value outweighs it's costs. ;)

    • by Anonymous Coward

      "Unit testing may be a pain but it is value outweighs it is costs."

    • Unit testing may be a pain but it's value outweighs it's costs. ;)

      In this case the unit tests probably passed. It was likely the specifics of the device that the code ended up running on which made it behave differently from on the original device. You need more than unit tests to have a chance to pick that up.

  • Uh great (Score:5, Funny)

    by phantomfive ( 622387 ) on Friday February 18, 2022 @02:40PM (#62280935) Journal

    Glad to see genuine cooperation between Israel and the Arab nations.

  • Hmm (Score:4, Interesting)

    by DivineKnight ( 3763507 ) on Friday February 18, 2022 @03:08PM (#62281029)

    More worried about the Android variant, and whether antiviral software will detect it.
