New NSO zero-click attack escapes Apple iPhone security protections, says Citizen Lab – TechCrunch
A Bahraini human rights activist’s iPhone was silently hacked earlier this year by powerful spyware sold to nation states, thwarting new security protections Apple designed to resist secret compromises, according to Citizen Lab researchers.
The activist, who remains in Bahrain and has asked not to be named, is a member of the Bahrain Center for Human Rights, an award-winning nonprofit that promotes human rights in the Gulf state. The group continues to operate despite a ban imposed by the kingdom in 2004 following the arrest of its director for criticizing the country’s prime minister at the time.
Citizen Lab, the University of Toronto-based internet watchdog, analyzed the activist’s iPhone 12 Pro and found evidence that it had been hacked starting in February using a so-called “zero-click” attack, so named because it requires no user interaction to infect a victim’s device. The zero-click attack took advantage of a previously unknown security vulnerability in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli company NSO Group, onto the activist’s phone.
The hack is significant, not least because Citizen Lab researchers said they found evidence that the zero-click attack successfully exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But the hacks also bypassed a new software security feature built into all versions of iOS 14, dubbed BlastDoor, which is supposed to prevent this type of device hijacking by filtering malicious data sent through iMessage.
Because of its ability to bypass BlastDoor, researchers called this latest exploit ForcedEntry.
Citizen Lab’s Bill Marczak told TechCrunch that researchers have informed Apple of efforts to target and exploit up-to-date iPhones. When reached by TechCrunch, Apple wouldn’t explicitly say whether it had found and fixed the vulnerability that NSO exploited.
In a boilerplate statement republished on Tuesday, Ivan Krstic, head of engineering and security architecture at Apple, said: Sophisticated, cost millions of dollars to develop, often have a short lifespan and are used to target specific individuals. While this means that they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all of our customers, and we are constantly adding new protections for their devices and data.
An Apple spokesperson said BlastDoor is not the end of its efforts to secure iMessage and that it has beefed up its defenses in iOS 15, which is slated for release next month.
Citizen Lab said the Bahraini government was likely behind the targeting of the Bahraini human rights activist, along with eight other Bahraini activists between June 2020 and February 2021.
Bahrain is one of several authoritarian states known to be government clients of Pegasus, including Saudi Arabia, Rwanda, United Arab Emirates, and Mexico; however, NSO has repeatedly refused to name or confirm its dozens of clients, citing nondisclosure agreements.
Five of the targeted Bahraini phone numbers were found on the Pegasus Project list of 50,000 potential target phone numbers for Pegasus spyware surveillance, which gives its government clients nearly full access to a target’s device, including their personal data, photos, messages and location.
One of those listed phone numbers belongs to another member of the Bahrain Center for Human Rights, who Citizen Lab says was targeted months earlier with another zero-click exploit called Kismet, which predates ForcedEntry. Citizen Lab says Kismet has stopped working on iOS 14 and later since the introduction of BlastDoor, but still poses a risk to iPhones running older versions of iOS.
Two other Bahrainis, who now live in exile in London and have agreed to be named, have also seen their iPhones hacked.
Moosa Abd-Ali, a photojournalist who was previously the target of FinFisher spyware sold to the Bahraini government, had his iPhone hacked while living in London. Citizen Lab said it has seen the Bahraini government spy only in Bahrain and neighboring Qatar, and said it suspected that another foreign government with access to Pegasus could be responsible for the hack. Recent reports have revealed that the United Arab Emirates, a close ally of Bahrain, is the “main government” responsible for selecting UK phone numbers. Abd-Ali’s phone number was also on the 50,000 phone number list.
Bahraini activist Yusuf Al-Jamri also saw his iPhone hacked, according to the Bahraini government, sometime before September 2019, although it is not known whether Al-Jamri’s iPhone was hacked in Bahrain or London. Al-Jamri was granted asylum in the UK in 2017.
The seven anonymous Bahrainis continue to work in the kingdom despite a long history of human rights violations, internet censorship and widespread oppression. Reporters Without Borders ranks Bahrain’s human rights record as one of the most restrictive in the world, behind Iran, China and North Korea. A 2020 US State Department report on human rights in Bahrain cited significant violations and abuses, and noted that the government “was using computer programs to monitor political activists and members of the opposition inside and outside the country.”
When contacted, NSO Group did not respond to specific questions and did not say whether the Bahraini government was a client. In a statement attributed only to an NSO spokesperson and sent through its external PR firm Mercury, NSO said it had not seen Citizen Lab’s findings and would “vigorously investigate the allegations and would act accordingly on the basis of the findings.”
NSO recently claimed to have cut off five government clients’ access to Pegasus for human rights violations.
Bahraini government spokesman Zainab Al-Nasheet told TechCrunch in a statement: “These claims are based on unfounded allegations and flawed conclusions. The Bahraini government is committed to protecting the rights and freedoms of individuals.”
Abd-Ali, who said he was arrested and tortured in Bahrain, said he thought he would find safety in the UK but still encounters not only digital surveillance but also physical attacks, as many spyware victims do.
“Instead of protecting me, the British government has remained silent while three of its close allies – Israel, Bahrain and the United Arab Emirates – conspired to invade my privacy and that of dozens of other activists,” he said.
You can send tips securely via Signal and WhatsApp at +1 646-755-8849. You can also send files or documents using our SecureDrop.