Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

How A Saudi Woman's iPhone Revealed Hacking Around The World

How A Saudi Woman's iPhone Revealed Hacking Around The World

The discovery on Loujain al-Hathloul's phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time.

A single activist helped turn the tide against NSO Group, one of the world's most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

An unusual error in NSO's spyware allowed Saudi women's rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

The discovery on al-Hathloul's phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time.

Al-Hathloul, one of Saudi Arabia's most prominent activists, is known for helping lead a campaign to end the ban on women drivers in Saudi Arabia. She was released from jail in February 2021 on charges of harming national security.

Soon after her release from jail, the activist received an email from Google warning her that state-backed hackers had tried to penetrate her Gmail account. Fearful that her iPhone had been hacked as well, al-Hathloul contacted the Canadian privacy rights group Citizen Lab and asked them to probe her device for evidence, three people close to al-Hathloul told Reuters.

After six months of digging through her iPhone records, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target.

He said the finding, computer code left by the attack, provided direct evidence NSO built the espionage tool.

“It was a game changer,” said Marczak “We caught something that the company thought was uncatchable.”

The discovery amounted to a hacking blueprint and led Apple Inc to notify thousands of other state-backed hacking victims around the world, according to four people with direct knowledge of the incident.

Citizen Lab and al-Hathloul's find provided the basis for Apple's November 2021 lawsuit against NSO and it also reverberated in Washington, where U.S. officials learned that NSO's cyberweapon was used to spy on American diplomats.

In recent years, the spyware industry has enjoyed explosive growth as governments around the world buy phone hacking software that allows the kind of digital surveillance once the purview of just a few elite intelligence agencies.

Over the past year, a series of revelations from journalists and activists, including the international journalism collaboration Pegasus Project, has tied the spyware industry to human rights violations, fueling greater scrutiny of NSO and its peers.

But security researchers say the al-Hathloul discovery was the first to provide a blueprint of a powerful new form of cyberespionage, a hacking tool that penetrates devices without any interaction from the user, providing the most concrete evidence to date of the scope of the weapon.

In a statement, an NSO spokesperson said the company does not operate the hacking tools it sells – “government, law enforcement and intelligence agencies do.” The spokesperson did not answer questions on whether its software was used to target al-Hathloul or other activists.

But the spokesperson said the organizations making those claims were “political opponents of cyber intelligence,” and suggested some of the allegations were “contractually and technologically impossible.” The spokesperson declined to provide specifics, citing client confidentiality agreements.

Without elaborating on specifics, the company said it had an established procedure to investigate alleged misuse of its products and had cut off clients over human rights issues.

Discovering The Blueprint


Al-Hathloul had good reason to be suspicious - it was not the first time she was being watched.

A 2019 Reuters investigation revealed that she was targeted in 2017 by a team of U.S. mercenaries who surveilled dissidents on behalf of the United Arab Emirates under a secret program called Project Raven, which categorized her as a “national security threat” and hacked into her iPhone.

She was arrested and jailed in Saudi Arabia for almost three years, where her family says she was tortured and interrogated utilizing information stolen from her device. Al-Hathloul was released in February 2021 and is currently banned from leaving the country.

Reuters has no evidence NSO was involved in that earlier hack.

Al-Hathloul's experience of surveillance and imprisonment made her determined to gather evidence that could be used against those who wield these tools, said her sister Lina al-Hathloul. “She feels she has a responsibility to continue this fight because she knows she can change things.”

The type of spyware Citizen Lab discovered on al-Hathloul's iPhone is known as a “zero click,” meaning the user can be infected without ever clicking on a malicious link.

Zero-click malware usually deletes itself upon infecting a user, leaving researchers and tech companies without a sample of the weapon to study. That can make gathering hard evidence of iPhone hacks almost impossible, security researchers say.

But this time was different.

The software glitch left a copy of the spyware hidden on al-Hathloul's iPhone, allowing Marczak and his team to obtain a virtual blueprint of the attack and evidence of who had built it.

“Here we had the shell casing from the crime scene,” he said.

Marczak and his team found that the spyware worked in part by sending picture files to al-Hathloul through an invisible text message.

The image files tricked the iPhone into giving access to its entire memory, bypassing security and allowing the installation of spyware that would steal a user's messages.

The Citizen Lab discovery provided solid evidence the cyberweapon was built by NSO, said Marczak, whose analysis was confirmed by researchers from Amnesty International and Apple, according to three people with direct knowledge of the situation.

The spyware found on al-Hathloul's device contained code that showed it was communicating with servers Citizen Lab previously identified as controlled by NSO, Marczak said. Citizen Lab named this new iPhone hacking method "ForcedEntry." The researchers then provided the sample to Apple last September.

Having a blueprint of the attack in hand allowed Apple to fix the critical vulnerability and led them to notify thousands of other iPhone users who were targeted by NSO software, warning them they had been targeted by “state-sponsored attackers.”

It was the first time Apple had taken this step.

While Apple determined the vast majority were targeted through NSO's tool, security researchers also discovered spy software from a second Israeli vendor QuaDream leveraged the same iPhone vulnerability, Reuters reported earlier this month. QuaDream has not responded to repeated requests for comment.

The victims ranged from dissidents critical of Thailand's government to human rights activists in El Salvador.

Citing the findings obtained from al-Hathloul's phone, Apple sued NSO in November in federal court alleging the spyware maker had violated U.S. laws by building products designed “to target, attack, and harm Apple users, Apple products, and Apple.” Apple credited Citizen Lab with providing "technical information" used as evidence for the lawsuit, but did not reveal that it was originally obtained from al-Hathloul's iPhone.

NSO said its tools have assisted law enforcement and have saved "thousands of lives." The company said some of the allegations attributed to NSO software were not credible, but declined to elaborate on specific claims citing confidentiality agreements with its clients.

Among those Apple warned were at least nine U.S. State Department employees in Uganda who were targeted with NSO software, according to people familiar with the matter, igniting a fresh wave of criticism against the company in Washington.

In November, the US Commerce Department placed NSO on a trade blacklist, restricting American companies from selling the Israeli firm software products, threatening its supply chain.

The Commerce Department said the action was based on evidence that NSO's spyware was used to target “journalists, businesspeople, activists, academics, and embassy workers.”

In December, Democratic Senator Ron Wyden and 17 other lawmakers called for the Treasury Department to sanction NSO Group and three other foreign surveillance companies they say helped authoritarian governments commit human rights abuses.

“When the public saw you had US government figures getting hacked, that quite clearly moved the needle,” Wyden told Reuters in an interview, referring to the targeting of US officials in Uganda.

Lina al-Hathloul, Loujain's sister, said the financial blows to NSO might be the only thing that can deter the spyware industry. “It hit them where it hurts,” she said.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
Declining Beer Consumption Signals Cultural Shift in Germany
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
Western Europe Records Hottest June on Record
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
China’s Central Bank Consults European Peers on Low-Rate Strategies
France Requests Airlines to Cut Flights at Paris Airports Amid Planned Air Traffic Controller Strike
Poland Implements Border Checks Amid Growing Migration Tensions
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
Amazon Reaches Major Automation Milestone with Over One Million Robots
Extreme Heat Wave Sweeps Across Europe, Hitting Record Temperatures
Meta Announces Formation of Ambitious AI Unit, Meta Superintelligence Labs
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Germany Votes to Suspend Family Reunification for Asylum Seekers
Budapest Pride Parade Draws 200,000 Participants Amid Government Ban
Southern Europe Experiences Extreme Heat
Xiaomi's YU7 SUV Launch Garners Record Pre-Orders Amid Market Challenges
Jeff Bezos and Lauren Sanchez's Lavish Wedding in Venice
Russia Launches Largest Air Assault on Ukraine Since Invasion
Massive Anti-Government Protests Erupt in Belgrade
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Hungary's Prime Minister Criticizes NATO's Role in Ukraine
EU TO HUNGARY: LET THEM PRIDE OR PREP FOR SHADE. ORBÁN TO EU: STAY IN YOUR LANE AND FIX YOUR OWN MESS.
Hungarian Scientist to Conduct 30 Research Experiments on the International Space Station
NATO Members Agree to 5% Defense Spending Target by 2035
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
International Astronaut Team Launched to Space Station
Macron and Merz: Europe must arm itself in an unstable world
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Iran Intensifies Crackdown on Alleged Mossad Operatives After Sabotage Claims
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
Oil Prices Set to Surge After US Strikes Iran
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
×