Posted on September 14, 2021 at 2:01 PM
NSO Group Linked to New Spyware Attack on Apple Devices
A security report from Citizen Lab has revealed that an Israeli spyware company, NSO Group, has gained access to iPhones and other iOS devices. The exploit has been in use since February 2021.
The exploit was discovered on Monday and was detected in the mobile phone of a Saudi activist. On Monday, Apple released an update to fix the vulnerability that was being exploited.
However, experts have stated that the speed with which Apple fixed the vulnerability on its operating systems has downplayed the “absolute seriousness” of the threat.
NSO Group’s Spyware
Commenting on the exploit, John Scott-Railton, a senior researcher at Citizen Lab, stated that, “Today is going to be a rough day at NSO because the lights are going to go out on one of their most productive exploits.”
The spyware created by NSO Group has been named “Pegasus.” Once it is successfully executed, the spyware can gain access to personal details stored on the phone. The spyware can also intercept messages and calls and even plant a listening bug on the phone.
According to NSO Group, the Pegasus spyware can only be used by law enforcement agencies with the proper licensing. The spyware is used to investigate criminals and terrorists. However, the Pegasus spyware has been misused by governments to target journalists and human rights activists.
In its response, the NSO Group stated that it “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
Citizen Lab researchers stated that there was ample evidence to show that NSO Group spearheaded the recent exploit on Apple devices. The spyware shows several pieces of “distinctive evidence” that point to this. Citizen Lab also detected a bug that has only been linked to the Pegasus spyware from NSO Group.
Researchers from Citizen Lab also stated that the spyware had process names that link back to an attack conducted by NSO Group to spy on an Al Jazeera journalist in July 2020.
NSO Group maintains a high level of confidentiality regarding its clients. However, after the exposé by Citizen Lab regarding the use of Pegasus spyware to infiltrate Al Jazeera journalists in 2020, the NSO Group terminated its contract with Saudi Arabia.
Apple’s Response to the Attack
The recent revelations by Citizen Lab are not good for Apple. Forensic reports on the attacked mobile phones have found that the attack is not limited to older iPhones. The data shows that even the latest and up-to-date devices are still prone to attacks by the Pegasus spyware.
According to Ivan Krstic, the head of Apple security engineering and architecture, “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
He also stated that such attacks come with a high level of sophistication and require a lot of resources to execute. However, he stated the attacks are short-lived, and their intended targets are specific persons. While the attacks are not threatening to a wide range of users, Krstic stated that he would continue working around the clock to protect Apple users.
According to a statement published by Citizen Lab, Apple had worked on releasing a patch for the vulnerability on Monday. Apple users have also been advised to update their devices, including the iOS devices that use versions later than 14.8.
The recent exploit reported by Citizen Lab was labeled a “zero-day” vulnerability, one that allows those using the spyware to infiltrate a device without the phone's user detecting that it has been hacked.
The FORCEDENTRY exploit took advantage of a weak point in the iMessage feature that allows corrupted files to be sent to the affected phones. The corrupt files carried GIF extensions, but they were in fact Adobe PDF files that ran malicious code.
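The mismatch described above, a file named as a GIF whose content is a PDF, is something a defender can check for when triaging extracted attachments. The following is an added example, not code from Citizen Lab or Apple; it extends the check from GIF to PNG and JPEG, and the function names, type table and sample bytes are constructed for illustration.

```python
import os
from pathlib import Path

# Well-known leading signatures for the image types this check covers.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
EXT_TO_TYPE = {".gif": "gif", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}

def sniff_type(head: bytes):
    """Return the format implied by the content, or None if unrecognized."""
    for name, sigs in MAGIC.items():
        if head.startswith(sigs):
            return name
    # Lenient PDF readers accept the %PDF- header within the first 1024 bytes.
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return None

def check_file(name: str, head: bytes):
    """Return (name, claimed, actual) if extension and content disagree, else None."""
    claimed = EXT_TO_TYPE.get(Path(name).suffix.lower())
    if claimed is None:
        return None  # extension not covered by this check
    actual = sniff_type(head)
    return None if actual == claimed else (name, claimed, actual or "unknown")

def scan_dir(root: str):
    """Walk a directory of extracted attachments and list mismatched files."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hit = check_file(path, fh.read(1024))
            if hit:
                hits.append(hit)
    return hits

# Constructed sample inputs (not real attachments).
SAMPLES = {
    "cat.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
    "photo.GIF": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\n",
    "note.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_file(name, data))
```

A hit only means the extension and the content disagree; it is a reason to examine the file further, not proof of compromise.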
The researchers also added that “our latest discovery of yet another Apple zero-day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies.”
The Citizen Lab discovery of the exploit on Apple devices was made by Bill Marczak. He stated that the report exposed the need to install security features in messaging applications because these apps were the main target of hackers. “Without intense engineering focus, we believe that they will continue to be heavily targeted and successfully exploited,” Marczak added.