iOS 16 Lockdown Mode Detected NSO Group Spyware, Research Says

2023-04-18 14:27:13

The cybersecurity group Citizen Lab released a report today showing how the well-known spyware Pegasus, made by the Israeli company NSO Group, exploited three new vulnerabilities to break the security of iOS 15 and iOS 16 in 2022. One of them, according to the report, was successfully blocked by Lockdown Mode.

In all three cases, the spyware exploited “zero-click” vulnerabilities to get into victims’ iPhones. Unlike other attacks, which generally rely on phishing tactics to install spyware on devices, this type of vulnerability allows software to be installed without the person performing any action on their device.

NEW REPORT: #Pegasus #Spyware from the NSO Group returned in 2022 with a trio of “zero-click” attacks on iOS 15 and iOS 16. The report reveals that NSO Group customers deployed spyware against members of civil society, including two human rights defenders in #Mexico.

Two of the three attacks, according to Citizen Lab, used messages sent via iMessage to install the spyware on victims’ smartphones. Once that happened, the software would take advantage of other vulnerabilities in the Home and Find My applications to start spying on them.

The first attack, called “FINDMYPWN”, happened in early June 2022 and affected devices running iOS 15.5 through 15.6. Apparently, it consisted of two steps: first, it attacked the Find My app, then moved on to iMessage itself. As Citizen Lab is still studying this vulnerability, few details about how it works have been revealed.

The second attack, called “PWNYOURHOME”, was also divided into two stages and was used in October, affecting devices running iOS 15 as well as the then newly released iOS 16. In this case, the attack took advantage of a flaw in HomeKit to launch Pegasus.

This second attack, the group noted, was blocked by iOS 16’s Lockdown Mode, which in turn sent alerts to affected users. However, it is possible that, by this time, the NSO Group has already developed a way to prevent this notification from being displayed, although there is as yet no evidence of this.

A third attack, which would have been conducted in January last year with a single target, was also identified by the research and called “LATENTIMAGE”. There are few details about it, but it is believed that it also focused on the Find My app, although it probably worked in a different way.

Finally, Citizen Lab explained that these attacks were identified after its researchers analyzed iPhones belonging to human rights activists in Mexico. The research was conducted in partnership with the organization Network in Defense of Digital Rights, which works specifically for people’s rights in the online world.

via Forbes

