New Delhi: Israeli spyware maker NSO Group used at least three new “zero-click exploits” against iPhones last year, discovering new ways to penetrate some of Apple’s latest software, researchers have found.
The Citizen Lab, an interdisciplinary laboratory at the University of Toronto, stated in a study Tuesday that the attacks targeted phones running iOS 15 and early versions of iOS 16. The university team shared its findings with Apple, which has now corrected the flaws NSO was exploiting.
The Citizen Lab reported the attacks targeted human rights activists who were researching the 2015 mass kidnapping of 43 student demonstrators in Mexico amid other suspected military violations as well as ‘governmental interference’ in the investigations being carried out by the activists.
What does the report state?
The Citizen Lab obtained extensive forensic visibility into new NSO Group exploit activity in 2022 after discovering infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, an organisation that represents victims of military abuses in Mexico, the report said.
The subsequent investigation led to the conclusion that in 2022, NSO Group customers deployed at least three iOS 15 and iOS 16 zero-click exploit chains against global civil society targets.
NSO Group’s third and final known 2022 iOS zero-click, dubbed “PWNYOURHOME” by the researchers, was launched in October 2022 and appears to be a new two-stage zero-click exploit, with each stage targeting a separate iPhone process. The first stage targets HomeKit, while the second targets iMessage.
In previous years, The Citizen Lab has discovered various NSO hacking methods while reviewing the phones of potential targets, including human rights workers and journalists.
While civil rights advocates are concerned that NSO was able to devise many new methods of attack, they are not surprised as NSO has become a symbol of government-level hacking. Its high-profile targeting has exposed it to researchers who are learning more of its techniques.
India’s brush with Pegasus
In October 2022, it was reported that India’s Intelligence Bureau had purchased hardware from NSO Group that matched the description of equipment used abroad to deploy the company’s trademark Pegasus software.
The discovery backs up The New York Times’ claim that the Indian government purchased Pegasus spyware in 2017 as part of a big arms deal with Israel.
Pegasus, which stealthily infects mobile phones with surveillance software, has been used in numerous nations to spy on journalists and activists, as well as on the phones of opposition politicians in India, such as Congress leader Rahul Gandhi.