Senior Researcher Discovers Zero-Click iPhone Hack Using NSO Group’s Spyware

8 年 2023 月 XNUMX 日
A Washington-based civil society organization recently fell victim to a remote hack using spyware developed by Israeli firm NSO Group. The breach was discovered by John Scott-Railton, a senior researcher at the University of Toronto’s Munk School. Upon reporting the incident, Apple swiftly investigated and patched the breach.

NSO Group’s Pegasus hacking tool has been the subject of US sanctions since 2021 due to its use by certain governments to target journalists and dissidents outside their own borders. This particular hack falls under the category of a zero-click hack, which requires no user interaction for malware to install surveillance software on mobile devices.

Scott-Railton emphasized the seriousness of this attack, highlighting the fact that it was a zero-click attack actively used against civil society. He commended Apple for promptly addressing the issue. Citizen Lab, the research organization Scott-Railton works with, named the exploit chain BLASTPASS in a blog post, noting its ability to compromise iPhones running the latest version of Apple’s operating system without any victim interaction.

NSO Group, however, responded to the claims by stating their inability to address allegations lacking supporting research. The company has previously maintained that Pegasus does not work on phone numbers with the “+1” country code used in the US and Canada. The targeted individual and organization have not been identified.

Citizen Lab, which has previously exposed NSO Group’s zero-click hacking methods, recommends enabling Lockdown Mode on devices for those at increased risk. Lockdown Mode significantly limits app usage and features, such as blocking most message attachments.

The incident sheds further light on NSO Group’s activities, which have faced increasing scrutiny worldwide. Poland’s Senate recently published an investigation report stating constitutional violations and unfairness during the 2019 parliamentary elections due to the use of Pegasus. Moreover, the Israeli government has launched a commission to investigate the potential misuse of NSO Group’s spyware by the police in criminal investigations.

