© Reuters. FILE PHOTO: A man speaks on his iPhone in a cell phone shop in New Delhi, India, July 27, 2016. REUTERS / Adnan Abidi / File photo
By Joseph Menn and Christopher Bing
(Reuters) – An Israel-based cyber surveillance company developed a tool to break into Apple iPhones with unprecedented technology that has been in use since at least February, the Internet security watchdog group Citizen Lab said on Monday.
The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS except those updated on Monday.
The tool developed by the Israeli company NSO Group defeats security systems developed by Apple in recent years.
Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding. https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild
“After Apple identified the vulnerability that this exploit was using for iMessage, Apple quickly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, director of Apple Security Engineering and Architecture, in a statement. “Attacks like the one described are sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
“While they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all of our customers and are constantly adding new safeguards to their devices and data,” he added.
An Apple spokesman declined to comment on whether the hacking technology comes from the NSO Group.
In a statement to Reuters, NSO did not confirm or deny that it was behind the tech, simply saying that it “will continue to provide intelligence and law enforcement agencies around the world with life-saving technology to fight terror and crime.”
‘SOFT BASE OF DEVICE SECURITY’
Citizen Lab said it found the malware on an unnamed Saudi activist’s phone and that the phone was infected with spyware in February. It is unknown how many other users may have been infected.
The intended targets would not have to click anything for the attack to work. The researchers said they didn’t think there would be any visible evidence of a hacking attack.
The weak point lies in how iMessage automatically renders images. iMessage has been repeatedly targeted by NSO and other cyber weapons dealers, prompting Apple to update its architecture. But this upgrade did not fully protect the system.
“Popular chat apps run the risk of becoming the soft underbelly of device security. Securing them should be a top priority,” said Citizen Lab researcher John Scott-Railton.
The U.S. Cybersecurity and Infrastructure Security Agency had no immediate comment.
Citizen Lab said several details in the malware overlapped with previous NSO attacks, including some that were never publicly reported. A process in the hack’s code was called “setframed,” the same name used when a device used by a journalist at Al Jazeera was infected in 2020, the researchers found.
“The security of devices is increasingly being questioned by attackers,” said Citizen Lab researcher Bill Marczak.
A record number of previously unknown attack vectors, which can sell for $1 million or more, were revealed this year. The attacks are known as “zero-day” because software companies had zero days’ notice of the problem.
Coupled with a surge in ransomware attacks on critical infrastructure, the explosion of such attacks has fueled a new focus on cybersecurity in the White House, as well as renewed demands for regulation and international agreements to curb malicious hacker attacks.
The FBI is investigating NSO and Israel has deployed a high-level inter-ministerial team to investigate allegations that its spyware has been misused around the world.
Although NSO has stated that it is vetting the governments it sells to, its Pegasus spyware has been found on the phones of activists, journalists and opposition politicians in countries with poor human rights records.