US State Department iPhones Hacked With Israeli Company Spyware (techcrunch.com) 40
Apple's iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.
Rule 1 DON'T GET CAUGHT (Score:2)
Trying it on with US officials' phones is seriously overambitious. Sadly it is unlikely that the government of Uganda will get punished effectively for what seems most likely to be their effort.
Re: Rule 1 DON'T GET CAUGHT (Score:4, Interesting)
Re: Rule 1 DON'T GET CAUGHT (Score:1)
Re: Rule 1 DON'T GET CAUGHT (Score:2)
Rule 2 DON'T BE STUPID (Score:2)
Ugandans? Or the Israeli company that sells spyware and believes the customers won't abuse the spyware?
But the joke I was looking for was something on the lines of "With friends like these..."
Or your Rule 3?
Re: (Score:2)
Considering all the damage Israel has done and continues to do to the U.S., this is a perfectly valid statement.
Re: (Score:2)
But the joke I was looking for was something on the lines of "With friends like these..."
If the end to that joke is "... who needs enemas?" I don't really want it to be either Uganda or Israel. :-)
Re: (Score:2)
Mod parent Funny. I never would have come up with that. I would be trying to think of some logical connection, perhaps via medicine and the CDC in America.
Re: (Score:2)
I would be trying to think of some logical connection, ...
Sometimes you have to look for the non sequitur... (Also one of my favorite comic strips [wikipedia.org].)
Re: (Score:2)
On my daily list, but I think Far Side was better in its glory days.
Re: (Score:2)
On my daily list, but I think Far Side was better in its glory days.
Yup. I have a few books and had the "Tyrannosaurus Mex" panel on my office door.
[Along with others like the xkcd Houston [xkcd.com] and GOTO [xkcd.com] strips and (of course) the Dilbert Here's a nickel kid [dilbert.com] strip -- I'm a Unix SysAdmin and Software Engineer.]
Re: (Score:2)
Also in my dailies, but not sure why I'm still tracking Dilbert. Nothing new there in some years, but lots of nostalgia triggers from my "peak" job before I officially caught oldness.
Re: (Score:2)
Also in my dailies, but not sure why I'm still tracking Dilbert. Nothing new there in some years, but lots of nostalgia triggers from my "peak" job before I officially caught oldness.
Agreed that it can be a bit stale at times, but Dilbert can be a good bellwether for knowing if it's time to change jobs. If the comic starts to (a) resemble your work experience and/or (b) stops being "funny", it's probably a good time to find another job. If it's "that's about right" your current job has probably gone wrong...
Re: (Score:2)
Just the sad ACK.
But do you read "Pearls Before Swine"? He often does techno-humor.
Re: (Score:2)
But do you read "Pearls Before Swine"? He often does techno-humor.
Yup. I've even exchanged a few emails with Stephan -- I have a stuffed elephant named Ellie and he has an elephant character name Elly; they can both be troublemakers. :-) I usually read the various comics online on Sunday and click back through that week.
Re: (Score:1)
Not at all overambitious: 1) nobody suspected a thing until the ICIJ (journalists) released their insider information. 2) US official is no more no less ambitious than the presidents of France, South Africa, the king of Morocco, the Prime Ministers of Morocco, Egypt, Pakistan. Someone ought to find out one day, but does it matter? Rival countries spy on each other all the time. 3) Doing it from Uganda gives plausible deniability, well done!. 4) "it's impossible to spy on US officials, let's not do it" said
Great advertising for the spyware co. (Score:2)
even if not intentional
Stop using iPhones if you need security. (Score:2)
https://www.phonearena.com/new... [phonearena.com]
Re: (Score:1)
Re: (Score:2, Flamebait)
An iPhone is a single static target. Develop a single exploit and it can target any iPhone.
There are hundreds of vendors of Android devices, each with their own hardware differences and software customizations, some of which could affect exploit code - either requiring target-specific changes, or breaking the exploit entirely. Not to mention all the third party builds available for a lot of handsets.
Diversity of targets can make it harder to write exploits.
Re: (Score:3)
Re: (Score:2)
Yes, but *less* standardization which makes it a more difficult target.
Even if they are using the same implementation, they could have configured or compiled it differently which could mean a given bug is harder or impossible to exploit.
Look at exploits which have come out for cross platform software over the years, you would frequently have different offsets for different builds or even significantly different exploits for the same underlying bug.
Re: (Score:2)
Re: Stop using iPhones if you need security. (Score:1)
If you crack one iPhone, you've cracked all of them. That, and Apple has a VERY BAD track record of having code execution vulnerabilities in their software (especially iOS and Safari.)
Re: (Score:1)
Re: (Score:2)
If they have an exploit apple is unaware of, how is apple supposed to patch it, even with successive hardware revisions which are based on the previous ones? Besides, most of the exploits are done via iOS and/or Safari vulnerabilities rather than hardware vulnerabilities.
That said, let's do a little comparison:
Android CVEs for code execution, all time:
https://www.cvedetails.com/vul... [cvedetails.com]
Total: 832
(Note that a huge portion of this list is only for vendor specific implementations. Most of these vulnerabilities o
Re: That country is not your friend. (Score:2, Insightful)
Re: That country is not your friend. (Score:1)
Re: (Score:2)
I'm choosing to take your comment literally, since that's the way you phrased it.
If they could they would treat you just like they do Palestine.
In point of fact, they could have and didn't. When I visited, I even took a principled stand which could have served as an excuse for them to revoke my visa if they had really wanted to do so. Of course that didn't happen. If my geographic region were treating Israel to rocket launches and suicide bombs, things probably would have been different.
Re: (Score:2)
When I visited, I even took a principled stand which could have served as an excuse for them to revoke my visa if they had really wanted to do so.
What was the "principled stand?" Did you say you were pro-BDS? No? Then the guys at the airport don't care - you're irrelevant to them, and if you get in the way of the settlers or the IDF, they will casually murder you and paint you as an extremist who tried to kill them. The US government will support them - they cannot stop support of Israel for something as trivial as the murder of a US citizen. The US-Israeli alliance is far stronger than a dozen Rachel Corries (https://en.wikipedia.org/wiki/Rache
Techcrunch Link is not for this story (Score:4, Informative)
https://www.reuters.com/techno... [reuters.com]
Who? (Score:2)
Does Israel not spy on us on a constant basis? Do we not do the same to them? It seems like the primary users of an Israeli company's spyware would be people in Israel, and if it's hard to obtain it's more likely to be from the government than a private hacking group.
Re: (Score:1)
It seems like the primary users of an Israeli company's spyware would be people in Israel, and if it's hard to obtain it's more likely to be from the government than a private hacking group.
You haven't been paying attention, have you? Use of NSO Pegasus spyware. [wikipedia.org]
Re: (Score:2)
The NSO group doesn't operate the spyware themselves. They sell it. And like some weapons dealers, they are being judged by who they sell it to and how the product is used. They do vet their customers, but whatever checks are in place seem to be insufficient.
I wonder if they'd still be getting so much criticism if they didn't vet their customers? I don't see gun manufacturers come under this much criticism. (I think the difference is actually that NSO is peerless. If there were twenty manufacturers of effec
Re: (Score:2)
Well, given that Apple is trying to make repairing their phones harder and harder without paying them 50% of the cost of a new phone so that you will upgrade when you break your screen instead of repairing it and them deciding what you can install on the phone, not allowing certain features line NFC to be used by competitors and so on, I think we are indeed getting towards a situation where the phones are Apple's and you just pay for the rights to some uses.
I thought NSO said they do NOT target US citizens (Score:2)
Funny.. (Score:2)