NSO Group Linked to New Spyware Attack on Apple Devices

Posted on September 14, 2021 at 2:01 PM

NSO Group Linked to New Spyware Attack on Apple Devices

A security report from Citizen Lab has revealed that an Israeli spyware company, NSO Group, has gained access to iPhones and other iOS devices. The exploit has been happening since February 2021.

The exploit was discovered on Monday and was detected in the mobile phone of a Saudi activist. On Monday, Apple released an update to fix the vulnerability that was being exploited.

However, experts have stated that the quickness at which Apple fixed the vulnerability on its operating systems has downplayed the “absolute seriousness” of the threat.

NSO Group’s Spyware

Commenting on the exploit, John Scott-Railton, a senior researcher at Citizen Lab, stated that, “Today is going to be a rough day at NSO because the lights are going to go out on one of their most productive exploits.”

The spyware created by NSO Group has been named “Pegasus.” Once it is successfully executed, the spyware can gain access to personal details stored on the phone. The spyware can also intercept messages and calls and even implement a listening bug on the phone.

According to NSO Group, the Pegasus spyware can only be used by law enforcement agencies with the proper licensing. The spyware is used to investigate criminals and terrorists. However, the Pegasus spyware has been misused by governments to target journalists and human rights activists.

In its response, the NSO Group stated that it “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”

Citizen Lab researchers stated that there was ample evidence to show that NSO Group spearheaded the recent exploit on Apple devices. The spyware reveals several “distinctive evidence” that points to this. Citizen Lab also detected a bug that has only been linked to the Pegasus spyware from NSO Group.

Researchers from Citizen Lab also stated that the spyware had process names that link back to an attack conducted by NSO Group to spy on an Aljazeera journalist in July 2020.

NSO Group maintains a high level of confidentiality regarding its clients. However, after the expose by Citizens Lab regarding the use of Pegasus spyware to infiltrate Aljazeera journalists in 2020, the NSO Group terminated its contract with Saudi Arabia.

Apple’s Response to the Attack

The recent revelations by Citizen Lab are not good for Apple. Forensic reports on the attacked mobile phones have found that the attack is not limited to older iPhones. The data shows that even the latest and up-to-date devices are still prone to attacks by the Pegasus spyware.

According to Ivan Krstic, the head of Apple security engineering and architecture, “After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”

He also stated that such attacks come with a high level of sophistication and require a lo9t of resources to execute. However, he stated the attacks are short-lived, and their intended targets are specific persons. While the attacks are not threatening to a wide range of users, Krstic stated that he would continue working around the clock to protect Apple users. 

According to a statement published by Citizen Lab, Apple had worked on releasing a patch for the vulnerability on Monday. Apple users have also been advised to update their devices, including the iOS devices that use versions later than 14.8.

The recent exploit reported by Citizen Lab was titled the “zero-day” vulnerability that allows those using the spyware to infiltrate a device without the user of the phone detecting that their mobile phone has been hacked. 

The FORCEDENTRY exploit has exploited a weak point on the iMessage feature that allows the mobile phone to send corrupted files to the affected phones. The corrupt files were displayed as GIF extensions, but in the real sense, there were Adobe PDF files that ran malicious code.

The researchers also added that “our latest discovery of yet another Apple zero-day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies.

Bill Marczak discovered the Citizen Lab discovery on the exploit on Apple devices. He stated that the report exposed the need to install security features in messaging applications because these apps were the main target of hackers. “Without intense engineering focus, we believe that they will continue to be heavily targeted and successfully exploited,” Marczak added.

Summary
NSO Group Linked to New Spyware Attack on Apple Devices
Article Name
NSO Group Linked to New Spyware Attack on Apple Devices
Description
A security report from Citizen Lab has revealed that an Israeli spyware company, NSO Group, has gained access to iPhones and other iOS devices. The exploit has been happening since February 2021.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 22, 2023
High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading