The iPhone of an Egyptian presidential candidate, Ahmed Eltantawy, was hacked for the second time, leveraging a series of previously unknown iOS vulnerabilities. According to researchers from Citizen Lab at the University of Toronto’s Munk School, the attack was facilitated by the Egyptian government, using spyware known as Predator, sold by a company named Cytrox. The campaign also involved hardware from Egypt-based Sandvine.
The attack was executed through “clickless” (zero-click) vulnerabilities: whenever the target’s phone visited any plain-HTTP website, the connection was redirected to a malicious website. This was achieved using a packet inspection device on an Egyptian cellular network, which monitored for connections from Eltantawy’s phone. Once the phone loaded the redirected page, the exploit chain was triggered, installing the Predator spyware without any further action from the user.
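The redirection described above is only possible because plain-HTTP responses can be rewritten by anyone on the network path. The following is an added example (not code from Citizen Lab, Google, or the article) of a defender-side triage check: it parses a raw HTTP response to a plain-HTTP request and flags 3xx redirects that send the client to a host other than the one it asked for, which is what an injected redirect looks like on the wire. The sample responses are constructed for illustration, and the hostnames and classification labels are assumptions of this example.

```python
# Added example: triage plain-HTTP responses for injected cross-host redirects.
# Not from the article or Citizen Lab's report; sample responses are constructed.
from urllib.parse import urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.x response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_redirect(requested_host: str, raw: bytes) -> str:
    """Classify a response to 'http://<requested_host>/...'.

    Labels (assumed for this example):
      no-redirect           - not a 3xx, nothing to check here
      same-host             - relative redirect or redirect within the same site
      https-upgrade         - HTTP -> HTTPS redirect to the same site (expected, benign)
      suspicious-cross-host - redirect to an unrelated host; review this one
    """
    status, headers = parse_response(raw)
    if status not in REDIRECT_CODES:
        return "no-redirect"
    target = urlparse(headers.get("location", ""))
    if not target.netloc:
        return "same-host"  # relative Location, stays on the requested host
    wanted = requested_host.lower()
    got = (target.hostname or "").lower()
    if got == wanted or got.endswith("." + wanted):
        return "https-upgrade" if target.scheme == "https" else "same-host"
    return "suspicious-cross-host"


# Constructed sample traffic: (requested host, raw response bytes).
SAMPLES = [
    ("example.com",
     b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n"),
    ("example.com",
     b"HTTP/1.1 302 Found\r\nLocation: http://injected-host.invalid/landing\r\n\r\n"),
    ("example.com",
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]


def flag_suspicious(samples=SAMPLES):
    """Return the Location values of every response classified as suspicious."""
    flagged = []
    for host, raw in samples:
        if classify_redirect(host, raw) == "suspicious-cross-host":
            flagged.append(parse_response(raw)[1]["location"])
    return flagged


if __name__ == "__main__":
    for host, raw in SAMPLES:
        print(host, "->", classify_redirect(host, raw))
    print("flagged:", flag_suspicious())
```

A cross-host redirect is a signal for review, not proof of injection: sites legitimately redirect to CDNs or partner domains. The useful comparison is against a baseline captured from a network you trust; a redirect that appears only on one carrier is the pattern worth escalating.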
Google’s Threat Analysis Group revealed that the attackers also had a separate exploit for Android devices, which Google patched earlier in September. The iOS vulnerabilities, patched in versions 16.7 and 17.0.1, included remote code execution in Safari, a PAC (pointer authentication) bypass, and a local privilege escalation in the XNU kernel.
Citizen Lab emphasized the gravity of using mercenary spyware against a senior member of a country’s democratic opposition, especially after he had announced his intention to run for president. Such actions are seen as a direct interference in free and fair elections, violating rights to freedom of expression, assembly, and privacy.
The attack’s complexity was highlighted by its use of three separate iOS vulnerabilities and hardware from Sandvine. Despite the sophisticated approach, the attack could be blocked by turning on Apple’s “Lockdown Mode” feature, introduced in iOS the previous year.
Source: Ars Technica
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.