Israeli Spyware Company Using 'Terrifying' Hack to Control Apple Devices: Researchers Warn
- September, 14, 2021 - 17:20
- World news
TEHRAN (Tasnim) – Researchers warned that the Israeli spyware company NSO Group has devised a technique to take control of nearly any Apple computer, watch, or iPhone, leading Apple to encourage all customers to upgrade their devices on Monday.
“It’s absolutely terrifying,” said John Scott-Railton, a senior researcher at The Citizen Lab, which recently discovered the software exploit and notified Apple about it. The group published a report about it Monday.
The malicious software takes control of an Apple device by first sending a message through iMessage, the company’s default messaging app, and then hacking through a flaw in how Apple processes images. It is what’s known in the cybersecurity industry as a “zero-click” exploit — a particularly dangerous and pernicious flaw that doesn’t require a victim clicking a link or downloading a file to take over, NBCNews reported.
People whose devices have been exploited are extremely unlikely to realize they’ve been hacked, Scott-Railton said.
“The user sees crickets while their iPhone is silently exploited,” he said. “Someone sends you a GIF that isn’t, and then you’re in trouble. That’s it. You don’t see a thing.”
As is often the case with NSO Group hacking, the newly discovered exploit is both technologically remarkable but likely only used on people specifically targeted by governments who use the company’s software.
NSO Group creates surveillance and hacking software that it leases to governments to spy on individuals’ computers and smartphones. For years, it has insisted that its primary product, Pegasus, is a vital tool to stop terrorists and other criminals, and that it merely leases its technology to legitimate governments in accordance with their own laws. It has also insisted it can’t be used to target Americans’ phones, and that it revokes usage from countries that misuse its products.
But Citizen Lab, a cybersecurity research center at the University of Toronto, has repeatedly found instances of Pegasus software used against journalists in Mexico who investigated cartels and Saudi Arabian dissidents, including associates of the slain Washington Post columnist Jamal Khashoggi.
In an emailed statement, an NSO spokesperson said that "NSO Group will continue to provide intelligence and law enforcement agencies around the world with lifesaving technologies to fight terror and crime."
An NSO Group spokesperson didn’t immediately return a request for comment.
Apple didn’t publish technical notes with a new software update available Monday that addressed flaws identified by Citizen Lab. The company noted that “this issue may have been actively exploited.”
In an emailed statement, Apple's head of Security Engineering and Architecture, Ivan Krstic, thanked Citizen Lab for alerting the company to the exploit.
"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals," Krstic said.
Updating to the latest version of iOS or Mac OS will keep users from being newly infected with this particular exploit, Scott-Railton said.
“This will prevent you from being infected with this exploit going forward,” he said. “But what we know is NSO is always trying to find other ways to infect people’s phones, and they may turn to something else.”