Google's Threat Analysis Group (TAG) disclosed that government hackers leveraged three undisclosed vulnerabilities in Apple's iPhone operating system to target users with spyware developed by the European startup Variston.?
These "zero-days," previously unknown to Apple, were exploited by hackers as part of a specific campaign. Variston, specializing in surveillance and hacking technology, had its malware analyzed by Google in 2022 and 2023.?
In March 2023, Google identified a previously unknown Variston customer using zero-day exploits to target iPhones in Indonesia, highlighting ongoing concerns about state-backed hacking and surveillance tools.
The attackers employed a tactic involving the delivery of a malicious link via SMS text messages to infect the target's iPhone with spyware. After infection, the victim was redirected to a news article published by the Indonesian newspaper, Pikiran Rakyat.?
Google's TAG is actively monitoring around 40 companies globally that sell surveillance software and exploits to government clients, with Variston being one of them.?
The report underscores the importance of addressing cybersecurity threats tied to state-backed hacking activities and the potential misuse of surveillance tools targeting journalists, dissidents, and politicians.
Google's revelation about government hackers exploiting Apple iPhone vulnerabilities adds a new layer to concerns about cybersecurity and state-sponsored espionage. The use of undisclosed flaws in Apple's operating system underscores the persistent challenge of securing widely-used devices against sophisticated attacks.?
Variston, the European startup implicated in the attack, has raised questions about the accountability of companies developing surveillance and hacking technologies.?
As Google continues to track around 40 such companies globally, the incident raises broader issues about the ethics and oversight of the spyware industry, particularly when it comes to selling to government entities engaged in targeted monitoring. The intersection of technology, cybersecurity, and privacy remains a complex and evolving landscape.
With IANS inputs