In a new report, researchers at the University of Toronto’s Citizen Lab said that NSO Group, an Israeli spyware company, used what is known as a “clickless exploit” to gain access to the phone of an anonymous Saudi activist. Citizen Lab researchers called the exploit “FORCEDENTRY” and said it had been in use since February. They also revealed that NSO Group’s flagship spy program, “Pegasus,” was used to infect the activist’s device.
“While typical cyber attacks require a user to interact with malicious content – such as clicking on a malicious link – clickless exploits do not require any kind of interaction with the owners of the devices themselves,” Lisa Plaggemier, acting executive director of the National Cyber Security Alliance, told CBS News. “This means that it is virtually impossible for individuals to know whether they have been compromised or not,” she added.
The NSO Group is well known in the cyber world and was previously funded and operated as an American corporation, but then returned to Israel. Hackers were able to install the Pegasus spyware on the target’s device using clickless exploits by sending a message or calling the phone.
“Once installed, Pegasus enables a variety of controls that can siphon data or activate processes, such as the camera or microphone, on iOS or Android devices,” Jerry Ray, COO of SecureAge e-business, told CBS News. Ray said the main difference between this NSO Group exploit and the previous ones is the access route. In this case, it was an SMS sent through iMessage, whereas previous attempts involved making phone calls.
“Considering all the apps that could potentially be a weakness that could be exploited by players like NSO Group, this could be just another comma update among the countless to come,” Ray said.
Citizen Lab describes the NSO Group as a “prolific” seller of spy technology to governments around the world and says its products, including Pegasus, are regularly linked to surveillance abuse. In 2019, Citizen Lab helped WhatsApp uncover a loophole in which at least 1,400 phones were targeted with missed voice calls. More recently, Citizen Lab said that Pegasus spyware was used to hack 36 personal phones of Al Jazeera journalists, producers, presenters and executives.
In a brief statement to CBS News, the NSO Group said it “will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terrorism and crime.”
But cybersecurity analysts who spoke to CBS News disagreed with the NSO Group’s framing.
“Although the company claims that its spyware is only available for use by law enforcement groups licensed to target terrorists and criminals, many questions have been raised as to the veracity of this statement,” Plaggemier said. “This should serve as a wake-up call for device manufacturers and technology providers as a whole. Zero-click threats are here and are here to stay,” she added.
Apple, which on Monday offered an update to correct the security issue, thanked Citizen Lab for helping the company resolve the issue quickly.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short lifespan, and are used to target specific individuals,” said Ivan Krstić, head of security engineering and architecture at Apple, in a press release. “While this means that they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all of our customers, and we are constantly adding new protections for their devices and data,” he added.
Earlier this year, Apple revealed that there are over 1 billion active iPhones and over 1.6 billion Apple devices in active use overall. While Apple says the recent vulnerability is unlikely to impact the majority of its customers, cybersecurity analysts say the breach is of great concern nonetheless.
“Apple intentionally tried to prevent Pegasus from running on iOS 14, and the malware has always successfully exploited vulnerabilities in the software,” Caroline Wong, chief strategy officer for cybersecurity firm Cobalt, told CBS News. “The extent of this vulnerability is alarming,” she added.