Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Iphone United States Apple

US State Department iPhones Hacked With Israeli Company Spyware (techcrunch.com) 40

Apple's iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.
This discussion has been archived. No new comments can be posted.

US State Department iPhones Hacked With Israeli Company Spyware

Comments Filter:
  • Trying it on with US officials' phones is seriously overambitious. Sadly it is unlikely that the government of Uganda will get punished effectively for what seems most likely to be their effort.

    • by rsvivlergun ( 9067599 ) on Friday December 03, 2021 @12:31PM (#62043998)
      I doubt it was Ugandan officials, much more likely it was China which is heavily invested in Africa. China may be taking over the Ugandan international airport soon and is looking to control Africa in general.
    • Ugandans? Or the Israeli company that sells spyware and believes the customers won't abuse the spyware?

      But the joke I was looking for was something on the lines of "With friends like these..."

      Or your Rule 3?

      • But the joke I was looking for was something on the lines of "With friends like these..."

        Considering all the damage Israel has done and continues to do to the U.S., this is a perfectly valid statement.
      • But the joke I was looking for was something on the lines of "With friends like these..."

        If the end to that joke is "... who needs enemas?" I don't really want it to be either Uganda or Israel. :-)

        • by shanen ( 462549 )

          Mod parent Funny. I never would have come up with that. I would be trying to think of some logical connection, perhaps via medicine and the CDC in America.

          • I would be trying to think of some logical connection, ...

            Sometimes you have to look for the non sequitur... (Also one of my favorite comic strips [wikipedia.org].)

            • by shanen ( 462549 )

              On my daily list, but I think Far Side was better in its glory days.

              • On my daily list, but I think Far Side was better in its glory days.

                Yup. I have a few books and had the "Tyrannosaurus Mex" panel on my office door.

                [Along with others like the xkcd Houston [xkcd.com] and GOTO [xkcd.com] strips and (of course) the Dilbert Here's a nickel kid [dilbert.com] strip -- I'm a Unix SysAdmin and Software Engineer.]

                • by shanen ( 462549 )

                  Also in my dailies, but not sure why I'm still tracking Dilbert. Nothing new there in some years, but lots of nostalgia triggers from my "peak" job before I officially caught oldness.

                  • Also in my dailies, but not sure why I'm still tracking Dilbert. Nothing new there in some years, but lots of nostalgia triggers from my "peak" job before I officially caught oldness.

                    Agreed that it can be a bit stale at times, but Dilbert can be a good bellwether for knowing if it's time to change jobs. If the comic starts to (a) resemble your work experience and/or (b) stops being "funny", it's probably a good time to find another job. If it's "that's about right" your current job has probably gone wrong...

                    • by shanen ( 462549 )

                      Just the sad ACK.

                      But do you read "Pearls Before Swine"? He often does techno-humor.

                    • But do you read "Pearls Before Swine"? He often does techno-humor.

                      Yup. I've even exchanged a few emails with Stephan -- I have a stuffed elephant named Ellie and he has an elephant character name Elly; they can both be troublemakers. :-) I usually read the various comics online on Sunday and click back through that week.

    • Not at all overambitious: 1) nobody suspected a thing until the ICIJ (journalists) released their insider information. 2) US official is no more no less ambitious than the presidents of France, South Africa, the king of Morocco, the Prime Ministers of Morocco, Egypt, Pakistan. Someone ought to find out one day, but does it matter? Rival countries spy on each other all the time. 3) Doing it from Uganda gives plausible deniability, well done!. 4) "it's impossible to spy on US officials, let's not do it" said

  • even if not intentional

    • Comment removed based on user account deletion
      • Re: (Score:2, Flamebait)

        by Bert64 ( 520050 )

        An iPhone is a single static target. Develop a single exploit and it can target any iPhone.

        There are hundreds of vendors of Android devices, each with their own hardware differences and software customizations, some of which could affect exploit code - either requiring target-specific changes, or breaking the exploit entirely. Not to mention all the third party builds available for a lot of handsets.

        Diversity of targets can make it harder to write exploits.

        • And Androids have no standardization? While they are more variations in Androids, I can assure you that many of them use the same software underneath. For example if there is a SSH bug in Android, it affects LG and Samsung as those companies do not write their own SSH version. Anyone targeting Android will of course target the common core software that Android is based upon.
          • by Bert64 ( 520050 )

            Yes, but *less* standardization which makes it a more difficult target.
            Even if they are using the same implementation, they could have configured or compiled it differently which could mean a given bug is harder or impossible to exploit.
            Look at exploits which have come out for cross platform software over the years, you would frequently have different offsets for different builds or even significantly different exploits for the same underlying bug.

            • Your premise is also that Android vendors replace common Android software. Many times they simply re-skin Android. I find that many of them add bloat ware and spyware on top of standard Android. As such that makes Android more vulnerable not less vulnerable. Android allows the vendors to modify what they want. And why are you taking about "cross platform"? When there is an Android exploit, it generally affects most if not all vendors.
      • If you crack one iPhone, you've cracked all of them. That, and Apple has a VERY BAD track record of having code execution vulnerabilities in their software (especially iOS and Safari.)

        • Comment removed based on user account deletion
          • If they have an exploit apple is unaware of, how is apple supposed to patch it, even with successive hardware revisions which are based on the previous ones? Besides, most of the exploits are done via iOS and/or Safari vulnerabilities rather than hardware vulnerabilities.

            That said, let's do a little comparison:

            Android CVEs for code execution, all time:

            https://www.cvedetails.com/vul... [cvedetails.com]
            Total: 832
            (Note that a huge portion of this list is only for vendor specific implementations. Most of these vulnerabilities o

  • by schwit1 ( 797399 ) on Friday December 03, 2021 @01:24PM (#62044164)
  • Does Israel not spy on us on a constant basis? Do we not do the same to them? It seems like the primary users of an Israeli company's spyware would be people in Israel, and if it's hard to obtain it's more likely to be from the government than a private hacking group.

    • by Anonymous Coward

      It seems like the primary users of an Israeli company's spyware would be people in Israel, and if it's hard to obtain it's more likely to be from the government than a private hacking group.

      You haven't been paying attention, have you? Use of NSO Pegasus spyware. [wikipedia.org]

    • by piojo ( 995934 )

      The NSO group doesn't operate the spyware themselves. They sell it. And like some weapons dealers, they are being judged by who they sell it to and how the product is used. They do vet their customers, but whatever checks are in place seem to be insufficient.

      I wonder if they'd still be getting so much criticism if they didn't vet their customers? I don't see gun manufacturers come under this much criticism. (I think the difference is actually that NSO is peerless. If there were twenty manufacturers of effec

  • They said it was technically impossible for their software to infest a US citizen's phone. Did they lie?
  • And the US is using the same software to spy on others. So don't be so naive or a hypocrite.

To be is to program.

Working...