![]() In July, a global media consortium published a damning report on how clients of NSO Group have been spying for years on journalists, human rights activists, political dissidents, and people close to them, with the hacker-for-hire group directly involved in the targeting. federal court for allegedly targeting some 1,400 users of the encrypted messaging service with spyware. In October 2019, Facebook sued NSO in U.S. "If Pegasus was only being used against criminals and terrorists, we never would have found this stuff," said Marczak.įacebook's WhatsApp was also allegedly targeted by an NSO zero-click exploit. The researchers said it also undermines NSO Group's claims that it only sells its spyware to law enforcement officials for use against criminals and terrorists and audits its customers to ensure it's not abused. "And it's why it's so important that companies focus on making sure that they are as locked down as possible." "Chat apps are increasingly becoming a major way that nation-states and mercenary hackers are gaining access to phones," he said. Researcher John Scott-Railton said the news highlights the importance of securing popular messaging apps against such attacks. It urged people to immediately install security updates. Those who want to jump the gun can go into the phone settings, click "General" then "Software Update," and trigger the patch update directly.Ĭitizen Lab called the iMessage exploit FORCEDENTRY and said it was effective against Apple iOS, MacOS and WatchOS devices. Users should get alerts on their iPhones prompting them to update the phone's iOS software. Apple didn't respond to questions regarding whether this was the first time it had patched a zero-click vulnerability. In a subsequent statement, Apple security chief Ivan Krstić commended Citizen Lab and said such exploits "are not a threat to the overwhelming majority of our users." He noted, as he has in the past, that such exploits typically cost millions of dollars to develop and often have a short shelf life. It said it was aware that the issue may have been exploited and cited Citizen Lab. In a blog post, Apple said it was issuing a security update for iPhones and iPads because a "maliciously crafted" PDF file could lead to them being hacked. He said the malicious file causes devices to crash.Ĭitizen Lab says the case reveals, once again, that NSO Group is allowing its spyware to be used against ordinary civilians. It was discovered during a second examination of the phone, which forensics showed had been infected in March. Malicious image files were transmitted to the activist's phone via the iMessage instant-messaging app before it was hacked with NSO's Pegasus spyware, which opens a phone to eavesdropping and remote data theft, Marczak said. ![]() The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had being exploited.World What To Know About The Spying Scandal Linked To Israeli Tech Firm NSOĪlthough security experts say that average iPhone, iPad and Mac user generally need not worry - such attacks tend to be limited to specific targets - the discovery still alarmed security professionals. Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S. In all cases, it cited an anonymous researcher.Ĭommercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time. The flaw also affects some iPod models.Īpple did not say in the reports how, where or by whom the vulnerabilities were discovered. Security experts have advised users to update affected devices - the iPhone 6S and later models several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2 and Mac computers running MacOS Monterey. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security. Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |