Google says NSO Group iPhone hack was "incredible and terrifying"

News
By
published

There's no defense from the zero-click attack

An iPhone beside a laptop.
(Image credit: Pixabay)

The recently-discovered NSO Group Pegasus iPhone hack is both “incredible” and “terrifying”, Google’s engineers have said.

In a detailed two-part blog post, Google Project Zero engineers Ian Beer & Samuel Groß explained how the NSO Group (an Israeli technology firm primarily known for its proprietary spyware) designed an attack mechanism “against which there is no defense," as no mobile antivirus would be able to spot it.

Also known as a “zero-click” exploit, it’s just as it sounds - the victim doesn’t even need to click anything in order to be compromised. Basically, all it needs to do is receive an SMS message via Apple’s iMessage service.

Under attack

The attack methodology itself is rather complex, and involves “fake” gifs, CoreGraphics PDF parsers, the JBIG2 codec, and an entirely “new” computer architecture that is “not as fast as Javascript, but it's fundamentally computationally equivalent”.

You can find a detailed breakdown of how the vulnerability works on this link

The vulnerability is logged as CVE-2021-30860, and has been fixed on September 13, 2021 in iOS 14.8. Apparently, there's also an Android version, but the researchers are yet to get a sample. 

Banning NSO Group

In November 2021, the U.S. Department of Commerce said the NSO Group sold its spyware to foreign governments, which then used it to target government officials, journalists, businesspeople, activities, academics, and embassy workers. It added the company to its “entity list”, which essentially bans it from the US market.

Soon afterwards, Apple also filed for a permanent injunction which would ban the NSO Group from using any of its software, hardware, or services.

“Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation-states,” the researchers concluded.

There is no telling how many people might have been targeted with this exploit, but we do know of a Saudi activist that was targeted earlier this year. It was Citizen Lab that managed to capture the dreaded message and examine it.

You might also want to check out our list of the best VPN services right now

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.