Spyware made by NSO Group deployed on iPhones with the latest software

iMessage flaws used to target journalists and activists

Zero-click flaw exploited on iPhones with the latest software

The Israel-based firm targets activists and journalists and successfully hacks iPhones.

A recent report by the non-governmental human rights organization Amnesty International and the non-profit project Forbidden Stories presented findings on spyware made by the Israeli surveillance firm NSO Group and deployed on iPhones running Apple's latest iOS release. The exploit used a zero-day, zero-click iMessage flaw and succeeded.

At the moment, activists and journalists appear to be the targets: the evidence of exploitation came from the examination of a compromised iPhone XR belonging to an Indian journalist and running iOS 14.6. Moreover, Amnesty International has confirmed an active infection on the iPhone X of an activist (code RWHRD1), also running iOS 14.6[1].

Citizen Lab, an academic research lab, independently reviewed the earlier reports and found them accurate and significant. Citizen Lab also observed NSO Pegasus spyware deployed on an iPhone 12 Pro Max running iOS 14.6 (the OS's latest release), hacked via a zero-day, zero-click iMessage exploit, which requires no interaction from the target.

A zero-click iMessage attack also apparently led to Pegasus being installed on an iPhone SE2 running iOS 14.4 and on another iPhone SE2 running iOS 14.0.1[2]. The purpose of this spying remains unknown for now. However, there is a history of similar activity.

Crime and terror investigation group uses zero-click attacks

The detected spyware is identified as NSO Group's Pegasus, which is marketed as a surveillance tool licensed only to legitimate government agencies for the sole purpose of investigating crime and terror. However, Amnesty International states that these claims are incorrect.

Amnesty International's Forensic Methodology Report describes the Pegasus Project as a collaborative investigation involving more than 80 journalists from 17 media organizations in 10 countries. Amnesty International's analysis of mobile devices belonging to human rights defenders and journalists worldwide uncovered persistent and ongoing surveillance[3].

The more in-depth analysis carried out by Amnesty International's Security Lab showed that the Pegasus attacks have been going on for a considerable time: from 2014 up to as recently as July 2021. They include “zero-click” attacks, which require no interaction from the target.

One such zero-click vulnerability affects the Mail app on Apple iPhones and iPads. Attackers could trigger it by sending a carefully crafted message to a target’s mailbox. When the target opens the message in the iOS application, the vulnerability lets malicious actors infect the device remotely via emails that consume extensive memory[4].

Using zero-day vulnerabilities, Pegasus spied on journalists

This is hardly the first instance of Pegasus spyware being used against journalists and even politicians. A few years ago, the infamous group was caught up in a legal battle with Facebook for creating and selling a WhatsApp zero-day exploit. That exploit was later used to hack and infect the devices of high-profile targets such as government officials and diplomats.

Apparently, a great many victims were targeted by the group in countries across the globe, from Iran and Palestine to Spain and the United Kingdom. The list includes politicians, human rights activists, journalists, academics, embassy workers, and political dissidents.

Pegasus is spyware developed by NSO Group, an Israeli company specializing in what experts call cyber weapons. It first came to the limelight in 2016, when an Arab activist grew suspicious after receiving a shady message. Pegasus was believed to be targeting iPhone users[5].

A day later, an updated Apple iOS version appeared, which reportedly patched the security loophole that Pegasus had used to hack phones. The zero-day exploit was later used numerous times to hack high-profile institutions.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and owner of 2-Spyware. At the moment, he serves as Editor-in-chief.
