Israeli spyware firm targeted Apple devices via iMessage, researchers say

Guardian Technology 14 Sep 2021 02:51

Security researchers at Citizen Lab have discovered an exploit that they believe has been used by government clients of NSO Group, the Israeli spyware company, to silently hack into iPhones and other Apple devices since February 2021.

The discovery, which was made as the researchers were examining the mobile phone of a Saudi activist, was shared with Apple, which on Monday released a patch to fix the vulnerability.

Researchers said the speed with which Apple moved to fix the vulnerability in its operating system, which in effect has left even the latest iPhones and operating systems exposed to attack by NSO Group’s government clients, underscored the “absolute seriousness” of their findings.

“Today is going to be a rough day at NSO because the lights are going to go out on one of their most productive exploits,” said John Scott-Railton, a senior Citizen Lab researcher.

When it is successfully deployed against a target, NSO Group’s spyware, called Pegasus, can silently hack into a phone, collect a user’s personal and private information, intercept calls and messages, and even turn a mobile phone into a remote listening device.

Asked for comment, NSO Group issued a statement saying: “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”

“We believe that the bug is distinctive enough to point back to NSO,” Citizen Lab said in a blogpost.

NSO Group has said it cannot reveal the identity of its clients. But the Guardian has previously reported that NSO Group dropped Saudi Arabia as a client in the wake of Citizen Lab’s report that the kingdom was the likely culprit behind dozens of attacks against Al Jazeera journalists in 2020.

He added: “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

The exploit discovered by Citizen Lab relies on a “zero-day” vulnerability, one that lets operators of the spyware infect a phone without the owner having any idea that their device has been hacked. In this case, the FORCEDENTRY exploit used a weakness in Apple’s iMessage function to silently deliver corrupt files to a phone: files that carried a GIF extension but were actually Adobe PDF files containing malicious code.
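One defensive check the extension-versus-content mismatch described above suggests, as an added example that is not from the article, Citizen Lab or Apple: compare what a file’s extension claims against its leading bytes before any parser touches it. The GIF and PDF signatures are standard; the function names and sample payloads are constructed here.

```python
import os

# Well-known file signatures ("magic bytes") for the two formats the article
# names: the files carried a GIF extension but were really PDFs.
GIF_MAGICS = (b"GIF87a", b"GIF89a")
PDF_MAGIC = b"%PDF-"
EXT_TYPES = {"gif": "gif", "pdf": "pdf"}


def sniff_type(data: bytes) -> str:
    """Identify the real format from content, ignoring the file name."""
    if data.startswith(GIF_MAGICS):
        return "gif"
    # The PDF specification allows the header anywhere in the first 1024 bytes.
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the type sniffed from bytes.

    A mismatch (for example a .gif whose bytes are a PDF) is an inconsistency a
    defender can log or block before handing the file to a format parser.
    """
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    claimed = EXT_TYPES.get(ext, "unknown")
    actual = sniff_type(data)
    mismatch = claimed != "unknown" and actual != "unknown" and claimed != actual
    return {"file": filename, "claimed": claimed, "actual": actual, "mismatch": mismatch}


# Constructed, benign sample payloads (headers only, not real documents).
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16
SAMPLE_PDF = b"%PDF-1.7\n%constructed sample, no content\n%%EOF\n"

if __name__ == "__main__":
    for name, blob in [("holiday.gif", SAMPLE_GIF),
                       ("holiday.gif", SAMPLE_PDF),
                       ("report.pdf", SAMPLE_PDF)]:
        print(check_attachment(name, blob))
```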

Bill Marczak, who first discovered the exploit at Citizen Lab, said the findings also highlighted the importance of securing popular messaging apps, which were increasingly being used as a target by sophisticated threat actors.
