Leading Egyptian opposition politician targeted with spyware, researchers find-ZoomTech News


BOSTON (AP) — A leading Egyptian opposition politician was targeted with spyware multiple times after announcing a presidential bid — including with malware that automatically infects smartphones, security researchers have found. They say Egyptian authorities were likely behind the attempted hacks.

Discovery of the malware last week by researchers at Citizen Lab and Google’s Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities.

Citizen Lab said in a blog post that attempts beginning in August to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his phone’s connection to the Vodafone Egypt mobile network to automatically infect it with Predator spyware if he visited certain websites not using the secure HTTPS protocol.

Citizen Lab said the effort likely failed because Altantawy had his phone in “lockdown mode,” which Apple recommends for iPhone users at high risk, including rights activists, journalists and political dissidents in countries like Egypt.

Prior to that, Citizen Lab said, attempts were made beginning in May to hack Altantawy’s phone with Predator via links in SMS and WhatsApp messages that he would have had to click on to become infected.

Once infected, the Predator spyware turns a smartphone into a remote eavesdropping device and lets the attacker siphon off data.

Given that Egypt is a known customer of Predator’s maker, Cytrox, and the spyware was delivered via network injection from Egyptian soil, Citizen Lab said it had “high confidence” Egypt’s government was behind the attack.

Bill Marczak of the University of Toronto-based internet watchdog obtained the exploit chain with Google researcher Maddie Stone.

“It’s scary the fact that the government can essentially select anyone on Vodafone Egypt’s network and perhaps other networks for infections and they just flip a switch” and select them for targeting, he said. Marczak said “the most likely scenario here is that, yes, there is this cooperation from Vodafone.”

In a separate incident in 2021, Citizen Lab determined that Altantawy — who announced his candidacy in March — was successfully hacked with Predator.

Egyptian officials did not respond Saturday to requests for comment.

Altantawy, a former journalist, announced in March his bid to challenge incumbent President Abdel Fatah el-Sissi in 2024, who has overseen a sharp crackdown on political opposition. Rights groups accuse el-Sissi’s administration of targeting dissent with brutal tactics — forced disappearances, torture and long-term detentions without trial.

Altantawy, family members and supporters have complained of being harassed, which led him to ask Citizen Lab researchers to analyze his phone for potential spyware infection.

Altantawy said Saturday in written responses to questions relayed by a trusted intermediary, who requested anonymity for personal security, that he contacted Citizen Lab after receiving a series of suspicious and anonymous messages embedded with links he suspected were malicious.

He said he believed the hacking attempts were “inextricably linked to my political candidacy and my opposition role in the country against the Sisi regime” and sought “not only to surveil, but perhaps also to find compromising material that could be used to discredit or defame me.”

Altantawy also said the incident raises questions about whether telecommunications companies operating in Egypt might be complicit.

Previously, Citizen Lab documented Predator infections affecting two exiled Egyptians, and in a joint probe with Facebook determined that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

In July, the U.S. added Predator’s maker, Cytrox, to its blacklist for developing surveillance tools deemed to have threatened U.S. national security as well as individuals and organizations worldwide. That makes it illegal for U.S. companies to do business with them. Israel’s NSO Group, maker of the Pegasus spyware, was similarly sanctioned in November 2021. The reported use of Predator in Greece helped precipitate the resignation last year of two top government officials, including the national intelligence director.

The latest discovery brings to five the number of zero-day vulnerabilities in Apple software for which patches have been released this month.



