Apple iOS Trident exploit: Here is everything you need to know before updating your iPhonehttps://indianexpress.com/article/technology/tech-news-technology/apple-ios-trident-exploit-all-you-need-to-know-about-the-iphone-spyware/

Apple iOS Trident exploit: Here is everything you need to know before updating your iPhone

Apple's iOS has a serious security flaw with a new vulnerability called Trident that can be used to spy on an iPhone.

Apple, Apple iOS 9, Apple iPhone spyware, Apple iPhone security flaw, Apple Trident vulnerability, Apple IOS update, Apple iOS 9.3.5 update, Apple OS security, Apple iPhone spyware
Apple iOS 9 Trident vulnerability: How the iPhone had a spyware problem. Human rights activist Ahmed Mansoor shows Associated Press journalists a screenshot of a spoof text message he received in Ajman, United Arab Emirates. (Source: AP)

Apple’s iOS 9 had a security flaw with a new zero-day vulnerability called Trident, which could allow the iPhone to be jailbroken, and then used to spy on the customer. But Apple, which is known to take device security very seriously, has responded to threat quickly and issued a new security update 9.3.5 for iOS users.

The issue was discovered after a Human Rights Activist in UAE Ahmed Mansoor got a suspicious message on his iPhone asking him to open a link, which would give details of torture in the UAE prisons. But Mansoor reported the issue to Citizen Lab, an internet watchdog, who eventually discovered the flaw. The UAE activist suspected an attack and was also targeted in the recent past by spyware due to his vociferous and public support for Human Rights in his homeland.

Now Citizen Lab and LookOut, which is another mobile security firm, have put out detailed blog posts on Trident, the zero-day exploit which affects iPhones and iPads, and can be used to install sophisticated spyware. For all iPhone users, the new update is a must, say both firms.

Interestingly, the firms have traced the potential spyware to an Israeli firm called NSOGroup, which is known for selling these to governments, in order to fight ‘cyber-terrorism.’ It is also believed to behind Pegasus, a spyware suite, sold exclusively to government agencies and used in phishing attacks via SMS.

Advertising

It is believed the Pegasus spyware was sent to Mansoor’s iPhone via the malicious link.  Once done, all of his calls, messages, emails, etc would have been recorded and sent to the spying agency.

According to the blogpost from LookOut, Trident attack uses “three zero-day vulnerabilities” on iOS to hack into an iPhone or iPad. Lookout says it can silently collect information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others.

Also read: Apple iPhone spyware: How this Middle-East Activist discovered a major flaw

So how can WhatsApp be spied upon, even though the app is end-to-end encrypted? End-to-end encryption on any app doesn’t protect your data if the device is already compromised at a root level. Any application which gains privilege access to your root kernel is probably spying on all the other apps and their data.

According to Citizen Labs, Trident manages to gain access at this level, and also disables updates from Apple, and removes any other jailbreak, making sure the spyware suite is installed on the iPhone.

Apple, Apple iOS 9, Apple iPhone spyware, Apple iPhone security flaw, Apple Trident vulnerability, Apple IOS update, Apple iOS 9.3.5 update, Apple OS security, Apple iPhone spyware
Human rights activist Ahmed Mansoor speaks to Associated Press journalists in Ajman, United Arab Emirates. (Source: AP)

In a separate post, Citizen Lab points out the exact vulnerabilities, which are used by Trident to install spyware on the system. These are listed below:

CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution
CVE-2016-4655: An application may be able to disclose kernel memory
CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges

According to LookOut, Pegasus’ attack begins with an SMS which has a malicious link (usually relies on “anonymized domains”) and then the malware is installed on the iPhone.

Worryingly this spyware can even activate the iPhone’s camera, microphone and thus listen in on conversations around the device, track a victim’s movement, steal messages, etc, and converts the iPhone into a sophisticated spying tool.

According to LookOut, while normal individuals might not be at risk, since Pegasus carries a high price, CEOs, CTOs of firms need to watch out well as enterprises where there are security risks involved.

Read more: Apple issues iOS 9.3.5 security update, after activist discovers iPhone spyware

Citizen Lab also says such exploits are rare and expensive, and the iPhone security reputation means “technically sophisticated exploits” are needed to install such spyware. Citizen Lab also says if Mansoor has clicked on the link the spyware would have recorded his WhatsApp and Viber calls as well as data from Skype, Facebook, KakaoTalk, Telegram, and others. Even usually secure services would have failed because the spyware attacks the iPhone at a root level, which in most cases is inaccessible by design.

The attack is carried out in three stages, and “Trident is re-run locally on the phone at each boot, using the JavaScriptCore binary.”

Advertising

Both LookOut and Citizen Lab have praised Apple for being very responsive and patching Trident in its 9.3.5 update, and recommend all iPhone users should immediately get on the new version of the OS.