Recently, Google’s Threat Analysis Group uncovered a disturbing revelation about government hackers exploiting three unknown vulnerabilities in Apple’s iPhone operating system. The hackers utilized spyware developed by a European startup, Variston, to target unsuspecting victims. This discovery sheds light on the alarming use of sophisticated hacking tools by government entities.
Key Takeaway
Google’s revelation about government hackers exploiting iPhone vulnerabilities with spyware highlights the concerning use of advanced hacking tools to target individuals. The collaboration between Variston and other organizations, as well as the broader implications of targeted surveillance, underscores the need for concerted efforts to address such threats to freedom and privacy.
Exploiting iPhone “Zero-Days”
According to Google, the government hackers capitalized on three iPhone “zero-days,” which are vulnerabilities not known to Apple at the time of exploitation. Variston’s surveillance and hacking technology was at the center of this alarming revelation. The hackers deployed these zero-days to target iPhones in Indonesia, using SMS text messages containing malicious links to infect the victims’ devices with spyware. The victims were then redirected to a news article by the Indonesian newspaper Pikiran Rakyat. Google’s report did not disclose the identity of Variston’s government customer in this particular case.
Variston’s Collaborations and Connections
Variston’s collaboration with other organizations to develop and deliver spyware has raised significant concerns. Google identified one of these organizations as Protect Electronic Systems, based in the United Arab Emirates. Protect Electronic Systems, also known as Protected AE, is described as a cutting-edge cybersecurity and forensic company. The collaboration between Variston and Protect Electronic Systems underscores the global reach and impact of such surveillance and hacking activities.
European Spyware Makers’ Expansion
While the spotlight has often been on Israeli companies like NSO Group, Candiru, and QuaDream, Google’s report highlights the expanding reach and capabilities of European spyware makers. The report mentions several European companies, including Variston, Cy4Gate, RCS Lab, and Negg, as examples of newer entrants into the market. These companies have been linked to targeted surveillance of journalists, dissidents, and politicians, prompting Google’s commitment to disrupting hacking campaigns associated with their tools.
Impact on Freedom of Speech and Privacy
Google’s report emphasizes the real-world implications of such targeted surveillance, particularly on journalists, human rights defenders, dissidents, and opposition party politicians. The use of spyware against these “high-risk users” poses a significant threat to freedom of speech, a free press, and the integrity of elections worldwide. The report underscores the broader implications of such focused targeting, extending beyond the immediate victims to impact global freedom and democracy.