iPhones Running on latest iOS hacked to Set Up NSO Group Spyware

A Human privileges non-governmental association Amnesty International and non-profit Operation Forbidden Stories discovered in a new report that they discovered spyware created by Israeli surveillance firm NSO Group setup on iPhones running Apple’s latest iOS release, hijacked via zero-day-click iMessage exploits.

“Amensty International has observed clue of negotiate of the iPhone XR of an Indian journalist (CODE INJRN1) running in iOS 14.6 9(latest update at the time of writing) as currently on 16th June 2021,” the reports reads.

“Previously, Amnesty International has confirmed an ongoing infection of the iPhone X of an activist (CODE RWHRD1) on June 24th 2021, also working on iOS 14.6.”

“Most recently, a successful ‘zero-click’ attack has been discovered exploiting numerous of zero-day to attack a fully patched iPhone 12 running iOS 14.6 in July 2021.”

The NGO also said that it reported this information to Apple, who said that they are researching the matter.

“Attacks like the ones explained are more sophisticates, cost millions of dollars to produce, often have a short shelf of life, and are utilized to target specific individual,” Ivan Krstic, head of Apple Security Engineering and Architecture told.

“While that means they are not a threat to the devastating majority of our users, we continue to work tirelessly to safeguard all our customers, and we are constantly adding new security services for the devices and data.”

iPhones-Running-on-latest-iOS-hacked-to-Set-Up-NSO-Group-Spyware-image1

Researches Proved by Citizen Lab’s Associated Review

Bill Marczak, the research associate at academic research lab Citizen Lab, also discovered that an independent peer review of Amnesty’s report said that the forensic procedure is sound and led to additional clues supporting the report’s researches.

Citizen Lab was able to independently observe NSO Pegasus spyware set up on an iPhone 12 Pro Max running iOS 14.6 (the OS’s latest release), hijacked via a zero-day zero-click iMessage exploit, which does not need interaction from the target.

The investigators also found zero-click iMessage attacks that led to Pegasus being installed in an iPhone SE2 phone running iOS version 14.4 and an iPhone SE2 device running iOS 14.0.1.

“The mechanics of the zero-click exploits for iOS 14.x appear to be substantially different than the KISMET exploit for iOS 13.5.1 and iOS 13.7, advising that it is in fact a different zero-click iMessage exploit,” Citizen Lab added.

What is Pegasus?

Pegasus is a spyware tool developed by NSO Group and marketed as a surveillance tool “licensed to legitimate government agencies for the sole prospect of researching crime and terror.”

iPhones-Running-on-latest-iOS-hacked-to-Set-Up-NSO-Group-Spyware-image2

“These most recent searches shows NSO Group’s customers are recently able to remotely negotiate all recent iPhone models and versions of iOS,” Amnesty International and Forbidden Stories said in their report.

How NSO Group Spyware utilized in High-Profile Attacks?

This is just one of a long string of reports and papers documenting NSO Group’s Pegasus spyware being utilized to spy on human rights defenders (HRDs) and journalists worldwide.

For instance, two years ago, Facebook sued Israeli cyber-surveillance firm NSO Group and its parent company for creating and selling a WhatsApp zero-day exploit.

The zero-day exploit was later used to hijack and infect the devices of high-profile targets such as government officials, diplomats, and journalists with spyware.

Investigators at Citizen Lab revealed in 2018 that they discovered some Pegasus licenses using it actively for cross-border surveillance and in countries with a history of harmful behavior by state security services.

In collaboration with Microsoft, Citizen Lab also reported last week that they discover links between another Israeli surveillance firm known as Candiru to new Windows spyware dubbed DevilsTounge set up on a targeted computer via now patched Windows zero-day vulnerabilities.

“Candiru is a secretive Israel-based company that sells spyware exclusively to government, Citizen Lab said.” Microsoft investigators discovered “at least 100 victims in Palestine, Israle, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore.” The list of victims including politicians, human privileges activists, journalists, academics, embassy workers, and political dissidents.

Leave a Reply