Hackers were able to use Israeli company’s NSO Group’s tool via iMessage due to a new vulnerability
After cyber security researchers discovered a new flaw allowing hackers to deploy Israeli firm NSO Group’s spyware tool through iMessage, Apple issued an emergency software update.
The security flaw was identified by researchers at the University of Toronto’s Citizen Lab after they analysed the iPhone of a Saudi activist who had been infected with spyware developed by NSO. Apple issued a patch on Monday to fix the security vulnerability.
The vulnerability enables hackers to gain access to a target’s iPhone, Mac computer, or Apple Watch via iMessage without the user having to click on a malicious link, according to Citizen Lab. The researchers have called the exploit “FORCEDENTRY,” which is a “zero-click” attack.
The report noted that NSO, the company had “used the vulnerability to remotely exploit and infect the latest Apple devices” with its spyware, known as Pegasus, “since at least February 2021”
NSO develops and sells its off-the-shelf software exploits to government organisations. It was founded in 2010 and gained prominence in 2019 when it was revealed that the group could “drop its payload” of malware on unsuspecting iPhones and Android phones by ringing a person through WhatsApp.
In a statement on Monday, the company said “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
Citizen Lab announced the discovery of yet another previously unknown Apple hardware vulnerability “illustrates that companies . . . are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.”
Apple said it was releasing the patch because “processing a maliciously crafted PDF may lead to arbitrary code execution”. Apple added it was “aware of a report that this issue may have been actively exploited”.
Nonetheless, the news could tarnish iOS’s reputation as a more secure mobile operating system than Android. Apple has long stated that no system is completely safe from hackers.
Citizen Lab said chat apps in particular had become “a major target for the most sophisticated threat actors, including nation-state espionage operations and the mercenary spyware companies that service them”.