Government hackers targeted iPhone owners with zero-day vulnerabilities, according to a report from Google. The hackers exploited three unknown vulnerabilities in Apple’s iPhone operating system and used spyware developed by a European startup.
Google’s Threat Analysis Group, which investigates nation-backed hacking, analyzed several government campaigns conducted using hacking tools developed by various spyware and exploit sellers. In one campaign, government hackers took advantage of three iPhone zero-days, which are vulnerabilities not known to Apple at the time they were exploited.
These hacking tools were developed by Variston, a surveillance and hacking technology startup. Google discovered that Variston’s customer used these zero-days to target iPhones in Indonesia, delivering a malicious link via an SMS text message, which infected the target’s phone with spyware. The victim was then redirected to a news article by the Indonesian newspaper Pikiran Rakyat. The report does not disclose the identity of Variston’s government customer in this case.
READ: The dangers of online quizzes and social media games
Google’s report highlights the expanding reach and capabilities of European spyware makers, alongside Israeli companies like NSO Group, QuaDream, and Candiru. Google tracks around 40 spyware makers that sell exploits and surveillance software to government customers globally. The report also mentions Italian companies Cy4Gate, Negg, and RCS Lab, as examples of newer entrants into the market.
Google is committed to disrupting hacking campaigns conducted with these companies’ tools due to their link to targeted surveillance of journalists, dissidents, and politicians. The harm caused by these hacking campaigns threatens freedom of speech, a free press, and the integrity of elections worldwide.
Via: TechCrunch