{"id":18187,"date":"2022-02-03T10:30:08","date_gmt":"2022-02-03T18:30:08","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/03\/news-11920\/"},"modified":"2022-02-03T10:30:08","modified_gmt":"2022-02-03T18:30:08","slug":"news-11920","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/02\/03\/news-11920\/","title":{"rendered":"Second Israeli firm accused of undermining iPhones, like NSO Group"},"content":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800<\/strong><\/p>\n

As if recent revelations about NSO Group weren\u2019t bad enough,\u00a0yet another Israeli firm<\/a>\u00a0\u2014 QuaDream \u2014 has now been accused of using the same hack to undermine iPhone security.<\/p>\n

A Reuters<\/a><\/em> report has the details:<\/p>\n

The news follows the revelation that the\u00a0FBI also obtained NSO\u2019s Pegasus spyware<\/a>, but claims it did not use it. That \u00a0also follows another recent claim that NSO Group offered \u201cbags of cash\u201d<\/a> in exchange for access to US cellular networks via the SS7 network<\/a>.<\/p>\n

While we don\u2019t know if Apple is aware of the actions of QuaDream, how it responded to the NSO Group attack may be instructional. Apple closed the ForcedEntry vulnerability soon after it was revealed. The company later filed a lawsuit against NSO Group<\/a> saying the Israeli firm violated Apple\u2019s terms of use.<\/p>\n

Apple pulled no punches in its suit, which said:<\/p>\n

\u201cDefendants are notorious hackers \u2014 amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.\u201d<\/p>\n

Ivan Krsti\u0107, head of Apple Security Engineering and Architecture, said:<\/p>\n

\u201cOur threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users fromabusivestate-sponsored actorslike NSO Group.\u201d<\/p>\n

With that promise in mind, it\u2019s easy to imagine Apple will now litigate against QuaDream for its abuse of the same vulnerability.<\/p>\n

These attacks aren\u2019t cheap. Reuters<\/a> <\/em>cites prices of $2 million and above for access to them. That expense implies most users needn\u2019t worry at this time, particularly as Apple has now patched this vulnerability.<\/p>\n

Sadly, this does not mean criminal and state-sponsored hackers won\u2019t abuse other so-far-unknown ways to break into your digital lives. (They may be doing so already.)<\/p>\n

For now, Apple is warning users<\/a> it identifies as having been hit by these hacks. Some of those affected include Israeli citizens<\/a>, US diplomats<\/a>, journalists<\/a>, dissidents, and opposition leaders in nations around the world<\/a>.<\/p>\n

\u201cMercenary spyware firms like NSO Group have facilitated some of the world\u2019s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,\u201d said Ron Deibert<\/a>, director of the Citizen Lab at the University of Toronto.<\/p>\n

NSO Group and an Israeli firm called Candiru have now been banned in the US<\/a>. We don\u2019t know if QuaDream will be added to that list, but there are many other firms that also should be constrained<\/a>.<\/p>\n

The problem with attacks of this kind is that they are highly sophisticated, highly targeted, and, by their nature, hard to spot. They use unknown vulnerabilities to break into a device, and then try to take control of those devices.\u00a0Until the attack is identified, security researchers and platform providers remain unaware that a flaw exists, so they cannot protect against it.<\/p>\n

This is why Apple is contributing $10 million<\/a> to support security research and (I imagine) will probably increase that investment moving forward.<\/p>\n

Since the NSO Group attack was disclosed, Apple now provides threat notifications<\/a>. So if it spots activity it sees as consistent with a state-sponsored attack, it will send the user who has been attacked an email, an iMessage, and a notification on that person\u2019s Apple ID page.<\/p>\n

When it comes to general security tips, Apple\u2019s current advice is to:<\/p>\n

It is important to note that any move to permit side-loading of apps on Apple\u2019s platforms<\/a> will undermine this security and make it easier for groups such as NSO Group or QuaDream to break into your iPhone.<\/p>\n

Finally, if you think your device has been affected, one (not at all ideal) solution might be to return your device to factory settings and make use of a temporary SIM and a backup Apple ID pending review of your original files.<\/p>\n

Stay safe out there.<\/p>\n

Please follow me on\u00a0Twitter<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800<\/strong><\/p>\n

\n
\n

As if recent revelations about NSO Group weren\u2019t bad enough,\u00a0yet another Israeli firm<\/a>\u00a0\u2014 QuaDream \u2014 has now been accused of using the same hack to undermine iPhone security.<\/p>\n

QuaDream also used the hack, Reuters claims<\/strong><\/h2>\n

A Reuters<\/a><\/em> report has the details:<\/p>\n