A recent report by security firm Citizen Lab points to the discovery of a new zero-day attack on Apple iMessage exploited to infect affected devices with the dangerous Pegasus spyware, developed by NSO Group. This wave of attacks was detected in Bahrain and at least 9 targets have already been spotted, all identified as activists and users of iPhone devices.
The spy tool was installed on these devices after successfully exploiting two zero-click failures in iMessage; the term “zero click” means that exploiting the vulnerabilities requires no interaction from the target user. The exploits employed in this campaign have been identified as FORCEDENTRY and 2020 KIMSET.
The researchers tested a Pegasus infection using an iPhone Pro Max with iOS 14.6, the latest version of the iOS system, finding that these zero-click attacks are fully functional even on the latest Apple devices.
As you may recall, NSO Group sells Pegasus spyware primarily to state actors, regardless of whether they are governments characterized by their constant violations of the human rights of political opponents, activists and journalists.
Anyone would think that the risk of infection can be mitigated by simply disabling iMessage and Facetime, however, it is important to remember that NSO Group can compromise many other functions or applications on the infected device, including the popular messaging app WhatsApp.
Considering the lines above, the only method that could eliminate this risk definitively is for Apple to address the flaws exploited by FORCEDENTRY and 2020 KIMSET. In the meantime, NSO Group could continue to rack up successful attacks.
This is just one more report in the long list of scandals involving NSO Group. A couple of years ago, Facebook sued the Israel-based company over the sale of a zero-day exploit to compromise smartphones via WhatsApp; this attack would have involved people of interest such as diplomats, journalists and activists.
Although Pegasus’ existence and purposes have been known for years, this spyware was again in the news due to a report published by the non-governmental organization (NGO) Amnesty International, which revealed details such as NSO Group’s government clients and possible targets of the infection.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
