Security researchers have discovered a new type of sophisticated iPhone spyware, signaling that Apple's devices are still threatened even if NSO Group shuts down its surveillance tools.
Researchers at the Citizen Lab on Thursday published new findings on a spyware tool dubbed Predator. The tool is built and sold by little-known mercenary surveillance company Cytrox.
The team found the spyware on the smartphones of two Egyptians — an exiled politician and a news program host. The iPhone of the politician, Ayman Nour, was compromised by both Predator and NSO Group's Pegasus — and each was apparently operated by a different government client.
Both of the victims were attacked with the Predator spyware in June 2021. Citizen Lab indicates that the spyware made it onto a target iPhone through single-click links sent via WhatsApp. They were able to infect iPhone models running iOS 14.6, which was the latest version of the software at the time.
Nour only became suspicious that his device was compromised when he noticed that it was "running hot." Citizen Lab then analyzed the device and reviewed logs from his phone. The security researchers believe that the attacks originated from the Egyptian government.
Cytrox is part of the so-called "Intellexa alliance," which is a network of mercenary spyware vendors that emerged in 2019. Although originally based in Cyprus, recent reports indicate that Intellexa now operates in Greece.
Spyware targeting iPhone devices has come under public scrutiny following controversy surrounding a surveillance product made by Israeli company NSO Group.
The NSO Group-developed Pegasus spyware has been used by government actors to target political dissidents, activists, and journalists — and members of the U.S. State Department. Security researchers at Google's Project Zero in December suggested that NSO Group's surveillance capabilities rival those of nation-states.
Apple sued NSO Group in November in an attempt to hold the company accountable for its surveillance of iPhone users. NSO Group is reportedly mulling shutting down its Pegasus spyware because of the financial and legal pressure.
13 Comments
So AppleInsider and every other tech blog never makes it clear... should we all get rid of our iPhones and buy Android to be safe? Should journalists and political activists switch to Android instead?
Is it safer to use Android rather than iOS now? Do we have any reports of targeted individuals who were using an Android phone when they were hacked into?
I’m only half-way sarcastic because all we hear about is iOS being compromised, nothing about Android.
Not to sound cynical, but you can probably say that the "health" of the iPhone cracking industry is inversely proportional to the level of public pressure that law enforcement, state level surveillance, and espionage organizations are exerting against Apple to open up a backdoor into the iPhone's "secure" communication subsystems. If those who seek to access the supposedly secure attributes of the iPhone were not able to do so with regularity, we'd be hearing about it loud and clear. It's kind of like countries spying on each other, it's always going on, it's tolerated to a certain degree because it serves a purpose, but until it becomes too egregious or radically unbalanced, nobody is going to really talk about it in public.