Science

Apple boosts iPhone security after Mideast spyware discovery

A botched attempt to break into the iPhone of an Arab activist using hitherto unknown espionage software has triggered a global upgrade of Apple's mobile operating system, researchers said Thursday.

Israeli firm NSO Group named author of spyware that exploited 3 undisclosed vulnerabilities

The spyware took advantage of three previously undisclosed weaknesses in Apple's iPhone to take complete control of the devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and internet watchdog group Citizen Lab. (David Gray/Reuters)

A botched attempt to break into the iPhone of an Arab activist using hitherto unknown espionage software has triggered a global upgrade of Apple's mobile operating system, researchers said Thursday.

The spyware took advantage of three previously undisclosed weaknesses in Apple's iPhone to take complete control of the devices, according to reports published Thursday by the San Francisco-based Lookout smartphone security company and internet watchdog group Citizen Lab. Both reports fingered the NSO Group, an Israeli company with a reputation for flying under the radar, as the author of the spyware.

"The threat actor has never been caught before," said Mike Murrary, a researcher with Lookout, describing the program as "the most sophisticated spyware package we have seen in the market."

The reports issued by Lookout and Citizen Lab outlined how an iPhone could be completely compromised with the tap of a finger, a trick so coveted in the world of cyberespionage that in November a spyware broker said it had paid a $1 million dollar bounty to programmers who'd found a way to do it. The weaknesses could allow hackers to take control of targeted iPhones to spy on calls and messages.

Apple said in a statement that it fixed the vulnerability immediately after learning about it.

In a statement which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide "authorized governments with technology that helps them combat terror and crime."

The company said it had no knowledge of any particular incidents.