TEMPO.CO, Jakarta – A watchdog group on Monday revealed that Israeli cyber surveillance company NSO Group has developed software, Pegasus Spyware, designed to break into iPhone security, and that it has been in use since February.
Researchers at the internet security watchdog group Citizen Lab say tools developed by Israeli firm NSO Group defeat security systems designed by Apple in recent years, according to a Reuters report quoted on September 14, 2021.
This discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple iOS, OSX, and watchOS except those updated on Monday. This means that iOS users can be exposed to Pegasus without clicking anything, opening a browser, or any other interaction.
Apple said it fixed the vulnerability in Monday’s software update with iOS 14.8, and confirmed Citizen Lab’s findings.
“After identifying the vulnerability used by this exploit for iMessage, Apple quickly developed and implemented a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple’s Department of Security Engineering and Architecture, according to Reuters.
“Attacks as described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
“While that means they are not a threat to most of our users, we continue to work tirelessly to look after all of our customers, and we are constantly adding new protections for their devices and data,” he added.
An Apple spokesperson declined to comment on whether the hacking technique originated with the NSO Group.
This photo, released August 25, 2016, shows the Israeli company NSO Group, which had offices in Herzliya, Israel, until a few months ago. Human rights group Amnesty International said that a member of its staff was targeted by Israeli-made spyware from the NSO Group. [AP Photo / Daniella Cheslow]
In a statement to Reuters, NSO Group has neither confirmed nor denied that it is behind the technique, only saying it will continue to provide intelligence and law enforcement agencies around the world with “life-saving technology to fight terror and crime”.
Citizen Lab said it found malware on the phone of an unnamed Saudi Arabian activist and that the phone had been infected with spyware in February. It is not known how many other users may have been infected with this spyware.
The target in question does not need to click anything for the attack to succeed. The researchers said the target would not know if their phone had been hacked.
The vulnerability lies in how iMessage automatically renders images. iMessage has been repeatedly targeted by NSO and other cyber weapons makers, prompting Apple to update its security. But that upgrade doesn’t fully protect the system.
“Popular chat apps risk being at the bottom of device security. Securing them should be a top priority,” said Citizen Lab researcher John Scott-Railton.
The US Cybersecurity and Infrastructure Security Agency did not immediately comment.
Citizen Lab said some details in the malware overlap with previous attacks by the NSO Group, including some that were never publicly reported. One process in the hack’s code was named “setframed,” the same name given in a 2020 infection of a device used by a journalist at Al Jazeera, according to the researchers’ findings.
In 2019, Citizen Lab analysts also alleged that Pegasus Spyware had been used on the cellphone of the wife of a murdered Mexican journalist, CNN reported.
“Device security is increasingly being challenged by attackers,” said Citizen Lab researcher Bill Marczak.
A record number of previously unknown attack methods, which can sell for $1 million or more, has been revealed this year. Such attacks are labeled “zero-day” because the software company has had no prior notification of the problem.
In a lawsuit filed in 2019, Facebook accused NSO Group of being involved in hacking 1,400 mobile devices using WhatsApp. NSO denies the accusations.
As ransomware attacks spike against critical infrastructure, the explosion of such attacks has sparked a renewed focus on cybersecurity at the White House as well as renewed calls for regulation and international treaties to control malicious hacking.
Advanced spyware by the NSO Group and other vendors has reportedly been used from Uzbekistan to Morocco. French newspaper Le Monde reported in July that President Emmanuel Macron’s cell phone had been bugged with Pegasus Spyware, as had those of Prime Minister Edouard Philippe and 14 ministers targeted in 2019.
The spike in Pegasus Spyware attacks prompted a UN panel of human rights experts in August to call for a moratorium on sales of the surveillance tool. The UN panel said the ban should remain in effect until the government “implements robust regulations that ensure its use is in accordance with international human rights standards.”
The FBI has also investigated the NSO Group, and Israel has set up an inter-ministerial team to assess allegations that its spyware has been abused on a global scale.
Though NSO Group has said it vets the governments it sells to, its Pegasus Spyware has been found on the phones of activists, journalists and opposition politicians in countries with poor human rights records.
REUTERS | CNN