Ahmed Mansoor is a well-known and highly respected human rights activist, best known as one of the UAE Five and, as such, a highly intelligent man. So, when he got a text from an unknown number with a link claiming to offer proof of torture in state prisons, he assumed it was too good to be true and sent it to a University of Toronto security expert. What they uncovered wasn’t evidence of human rights violations, but a shocking cyberweapon designed to rip open an iPhone and take all of its data.
The link sent to Mansoor’s phone led to a piece of malware that would have used three separate iPhone loopholes to, essentially, open up all of Mansoor’s communications. Everything, from his phone calls and texts to his Facebook updates and his location, would have been available. Considering Mansoor lives in the UAE, and is a notorious thorn in the side of that state’s government, this would have been potentially dangerous not just for him, but anyone he met.
The good news is that you can fix this problem just by updating your iPhone. Apple was alerted to the problems and has fixed them as of today. The bad news is that it appears there’s a growing industry of what amounts to private spies who will sell software for cracking smartphones and computers to anybody with the cash on hand. Mansoor’s bit of malware likely cost at least $1 million. And this is really only a taste of what will happen; in the future — as it gets cheaper and easier to do this — we’ll all have to find ways to protect our stuff.
Mansoor, however, is a guide on what to do when you get something too good to believe. Hacking is not inevitable. In fact, most hacking hinges entirely on you and I being foolish enough to click on links in texts, to buy that Bill Gates is going to pay us for that email forward, to just give our banking information out without checking the address of the website.
If something seems too good to be true, don’t click it, and there’s nothing even the shiftiest hacker can do.
(via Motherboard)