Rep. Ted Lieu, who has a degree in computer science, urged his colleagues Thursday to hold a hearing on mobile phone security after Apple rushed to repair critical iPhone vulnerabilities reportedly being leveraged by state-sponsored hackers.
The California Democrat was among the first lawmakers to formally weigh in this week after Apple asked its users to install an iPhone update that patches previously undisclosed security flaws affecting iOS 9.
The bugs were discovered two weeks earlier when an acclaimed human rights activist received suspicious messages on his mobile device instructing him to click a link, and security researchers subsequently determined that his phone had been targeted with sophisticated spying software that aimed to give attackers full access to his digital data.
A member of the Senate’s Subcommittee on Information Technology, Mr. Lieu said in a statement Thursday that he was alarmed but not surprised by the report, which said the activist’s iPhone had likely been targeted by government-hired hackers working on behalf of the United Arab Emirates.
“The fact that over two-thirds of adults in the United States own a smartphone makes the device a natural target for bad actors, and we as a nation have thus far failed to take the threat seriously,” he said in a statement.
“I am pleased that Apple was able to quickly address this security breach, but it is clear that Congress must do more to address the issues of mobile security. I believe a congressional hearing is in order and plan to work with my colleagues to examine these critical security concerns,” the lawmaker added.
Apple’s latest iOS update was rolled out Thursday less than two weeks after a cache of source code was separately published online by individuals who said the data came courtesy of “The Equation Group” — a sophisticated cyber-espionage squad widely believed to be a faction of the U.S. National Security Agency.
Computer scientists have since stated the data indeed appears to be the blueprints for NSA hacking tools and have demonstrated how they can be deployed against certain types of hardware in order to compromise targeted networks and conduct surveillance.
While the Equation Group files purportedly contain hacking tools used by the U.S. government for national security purposes, the researchers who discovered the Apple vulnerabilities patched this week traced the attack against the human rights activist to the NSO Group, an Israel-based security firm that has previously been accused of touting products to agencies in the U.S. and Mexico, among others.
Under the Vulnerability Equities Process implemented in 2014, the White House has established a framework for determining whether or not tech companies should be notified in the event that the government finds a way to exploit their products. The NSA told Reuters last year that it has notified vendors about more than 91 percent of the vulnerabilities it has discovered.
Mr. Lieu said, however, the Obama administration has fallen short with respect to making the equities process as efficient as possible, all while private sector companies like the NSO Group — or “digital arms dealers” as the congressman’s office calls them — stockpile their own exploits to sell to the highest bidder.
“I also again urge the Administration to disclose the criteria used in determining whether to notify cyber vulnerabilities to private sector companies rather than hoard and conceal the vulnerabilities. Whatever our government may do in terms of using cyber malware, others will do to American citizens. The best protection for the United States and our people is to have secure systems,” he said Thursday.
• Andrew Blake can be reached at ablake@washingtontimes.com.