https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
Lots of details are there...
Cheers,
Scott.
1. Executive Summary
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.
The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.
[...]
Mansoor quickly forwarded the messages to Citizen Lab researchers for investigation. He has good reason to be concerned about unsolicited messages: every year since 2011, Mansoor has been targeted with spyware attacks, including with FinFisher spyware in 2011 and Hacking Team spyware in 2012 (see Section 8: Ahmed Mansoor and Previous UAE Attacks).
[...]
3. NSO Group and the Pegasus Solution
The attack on Mansoor appears to have used Pegasus, a remote monitoring solution sold by NSO Group Technologies Ltd (see Section 6: Linking NSO Group Products to the Attack on Mansoor). NSO Group, based in Herzelia, Israel (CR# 514395409), develops and sells mobile phone surveillance software to governments around the world. The company describes itself as a “leader” in “mobile and cellular Cyber Warfare,” and has been operating for more than six years since its founding in 2010.
NSO Group appears to be owned by a private equity firm with headquarters in San Francisco: Francisco Partners Management LLC, which reportedly acquired it in 2014 after approval from the Israeli Defense Ministry. However, as of November 2015, Francisco Partners was reportedly exploring selling NSO Group, with a stated valuation of up to $1 billion. Interestingly, Francisco Partners previously invested in Blue Coat, a company selling network filtering and monitoring solutions, whose technology has been used by repressive regimes according to previous Citizen Lab research.
[...]