Indonesian Government and Military Targeted by Phone Spyware

Apple has warned a string of senior officials and advisors working for the Indonesian government and military that state-sponsored hackers attempted to install spyware on their phones last year, according to six victims who spoke to Reuters. The source of the attack has not been identified but more than 12 individuals were targeted, including Chief Economic Minister Airlangga Hartarto (pictured).

The hackers used an exploit called FORCEDENTRY that was developed by Israeli spyware business NSO Group. FORCEDENTRY took advantage of a vulnerability in iPhones that allowed hackers to install software without any interaction with the phone’s user; Apple has since released a security patch to address the flaw. The exploit was used by hackers during most of 2021 until its use was discovered by privacy researchers at The Citizen Lab, an interdisciplinary initiative at the University of Toronto.

A spokesperson for Airlangga Hartarto’s ministry denied that Apple had sent any warnings about attempted hacking relating to the minister’s official email account. However, much of what the spokesperson said was borderline nonsense, if Reuters’ report is accurate. The likeliest explanation is that she was not competent to give meaningful answers to the questions posed by Reuters.

NSO Group told Reuters that it was “contractually and technologically impossible” for NSO Group software to have been used for this attack. The Israeli business routinely claims to impose strict limits on who may use its products. Nevertheless, it is easy to be cynical about a business that bandies around words like ‘contractually impossible’ when this is an oxymoron.

NSO Group recently announced it was laying off staff and restructuring its business. The company is under fire from multiple directions including Apple, which is suing NSO Group for violating the terms of its use for its products.

You have to be arrogant, greedy or stupid not to realize the destabilizing impact if everybody’s phones can be turned into monitoring devices for whomever possesses the right software. The sooner that insidious scumbags like NSO Group are shut down, the better.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.