An American company traded in iPhone hacks via iMessage long before Pegasus
Just when the Israeli Pegasus spyware scandal somewhat receded from an iPhone user's mind, Apple was forced to issue an emergency iOS 14.8 update to address an iMessage vulnerability it exploited.
A similar exploit, however, has already been developed long ago by an American company, reports MIT, and sold to the United Arab Emirates for $1.3 million, giving the kingdom a powerful tool to spy on its targets.
The company in question is called Accuvant, now merged into Optiv, and the latest US Justice Department document files reveal how the sale was facilitated by a group of three former US military and intelligence service members, for which they are now fined $1.68 million by the DoJ.
According to the lead investigator of the scheme, Bryan Vorndran, assistant director of the FBI’s Cyber Division:
The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity. This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company - there is risk, and there will be consequences.
With Pegasus, it was easy to blame the culprit - an Israeli company that developed the spyware - but the sheer fact that an American firm did and then sold the latest iMessage exploit should be unnerving to anyone who owns an iPhone, heretofore thought of as less penetrable to such intrusions than Android handsets.
Accuvant alumni, for instance, left to found Grayshift, the tool which law enforcement uses to unlock your iPhone and snoop on your communications, as the market for such hacks is only growing in scope and importance, and it is no accident that iMessage is their primary target.
"The app is included by default on every Apple device. It accepts incoming messages from anyone who knows your number. There is no way to uninstall it, no way to inspect it, nothing a user can do to defend against this kind of threat beyond downloading every Apple security update as soon as possible," claim cybersecurity analysts. Bummer.
Things that are NOT allowed: