The iPhones of at least 11 U.S. Embassy employees in Uganda were recently hacked using spyware developed by Israel’s NSO Group.
“So far, this has been covered as a tech story and as an Israeli relations story. But this really is a spy story,” said Chris Risley, CEO at Bastille Networks.
“The striking thing about this discovery is that 11 phones were compromised at once. So, either 11 employees were tricked into clicking on the wrong link, or more likely, the spyware was installed using ‘Zero-Click’ attacks.”
“There’s a message here for corporations and organizations as well: Millions of vulnerable smartphones enter workplaces daily. Any smartphone can now be hacked invisibly. A hacked smartphone can be used as a portal into an enterprise’s most important secrets, earnings data, trading data, merger and acquisition data. It’s a new world of smartphone spyware. It is imperative to have security protocols in place to manage the secure use of smartphones in the workplace. If security teams didn’t think smartphones in the facility were an important threat yesterday, they certainly should think they are an important threat now.”
“There are probably some rooms in the U.S. Embassy in Uganda where no cell phones were allowed, and we can hope that those were the only places where classified conversations took place. If not, that embassy and every embassy around the world needs to have those phone-free rooms and to enforce those rules starting immediately. Also, remember that it isn’t enough to ‘turn your phone off.’ Spyware can turn your phone on.”