The Secret Behind the Software That Can Hack Any iPhone

NSO Group, based in Israel but owned by an American investment firm, can write iPhone hacking tools with 3 zero-day flaws.

According to BBC, human rights activist,Ahmed Mansoor recently found himself the target of a cyberattack when he received a text message on his iPhone from an anonymous sender promising to reveal secrets about torture in a prison inUnited Arab Emirates (UAE). If you click on the link, you will be exposed to a large amount of personal data, messages, photos, emails, location data and even automatically record calls, photos and send them.

Luckily,Ahmed Mansoor did not do so and immediately forwarded the message to the company's cybersecurity experts.Lookout and Internet watchdog group Citizen Lab. Initial results of the investigation into the method of implementation show that the NSO Group is the one behind the incident.

NSO Group was founded in 2010 and has gone through several different names. The company is headquartered inHerzliya, Israel but owned by an American investment companyFrancisco Partners.NSO is currently valued at around $1 billion. The companyspecializes in creating tools that they say fight crime and terrorism. However, security researchers call it a "cyber weapons dealer." Additionally, according to Forbes, NSO is also invested by8200 Intelligence Unit, Israel's military startup funding program.

NSO once boasted of being able to launch hacking tools that left no trace.

After being accused of being involved in hacking into the phone of"The company only sells its tools to authorized government agencies and in full and strict compliance with export control laws and regulations," said Ahmed Mansoor, a spokesman for the group.

The recent attack on iPhones was carried out through three zero-day bugs. The term zero-day refers to previously unknown vulnerabilities in the security industry that allow hackers to break into a system. Discovering a single bug is now so rare, so finding three zero-day bugs is considered excellent, the BBC emphasized.

Clues to the origin of the attack came from a close examination of a message Mansoor received on his phone. The link in the message led to a web domain with servers set up by NSO Group for its clients. Analysis of the spyware also showed references to the code Pegasus, the name NSO uses for one of its spyware products.

Meanwhile, Apple patched the bug with the release of iOS 9.3.5. The US tech company said the vulnerability was reviewed as soon as it was made aware of it. Apple recommends that customers always update to the latest iOS to protect themselves from potential threats.

To check and upgrade on iOS, users access Settings > General > Software Update.

According to VNE