AJMAN, United Arab Emirates—The suspicious text message that appeared on Ahmed Mansoor’s iPhone promised to reveal details about torture in the United Arab Emirates’s prisons. All Mansoor had to do was click the link.
Mansoor, a human-rights activist, didn’t take the bait. Instead, he reported it to Citizen Lab, an Internet watchdog, setting off a chain reaction that in two weeks exposed a secretive Israeli cyber-espionage firm, defanged a powerful new piece of eavesdropping software and gave millions of iPhone users across the world an extra boost to their digital security.
“It feels really good,” Mansoor said in an interview from his sand-colored apartment block in downtown Ajman, a small city-state in the United Arab Emirates. Cradling his iPhone to show The Associated Press screenshots of the rogue text, Mansoor said he hoped the developments “could save hundreds of people from being targets.”
Hidden behind the link in the text message was a highly targeted form of spyware crafted to take advantage of three previously undisclosed weaknesses in Apple’s mobile operating system.
Free reign
TWO reports issued on Thursday, one by Lookout, a San Francisco mobile-security company, and another by Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs, outlined how the program could completely compromise a device at the tap of a finger. If Mansoor had touched the link, he would have given his hackers free reign to eavesdrop on calls, harvest messages, activate his camera and drain the phone’s trove of personal data.
Apple Inc. issued a fix for the vulnerabilities on Thursday, just ahead of the reports’ release, working at a blistering pace for which the Cupertino, California-based company was widely praised.
Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said the reports were disturbing. Forensics expert Jonathan Zdziarski described the malicious program targeting Mansoor as a “serious piece of spyware.”
A soft-spoken man who dresses in traditional white robes, Mansoor has repeatedly drawn the ire of authorities in the United Arab Emirates, calling for a free press and democratic freedoms. He is one of the country’s few human-rights defenders with an international profile, close links to foreign media and a network of sources. Mansoor’s work has, at various times, cost him his job, his passport and even his liberty.
Separate brands
ONLINE, Mansoor repeatedly found himself in the crosshairs of electronic eavesdropping operations. Even before the first rogue text message pinged across his phone on August 10, Mansoor already had weathered attacks from two separate brands of commercial spyware.
When he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he’d been targeted by a third.
Image credits: AP