On Monday, Apple released an emergency software update for a critical vulnerability in its products after security researchers discovered a flaw that allowed highly intrusive spyware from Israel’s NSO Group to infect anyone’s iPhone, iWatch or Mac computer without a single click.
Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, an organization that oversees cybersecurity at the University of Toronto, discovered that a Saudi activist’s iPhone was infected with spyware from NSO Group.
The spyware, called Pegasus, used a new method to invisibly infect an Apple device without the victim’s knowledge for six months. Known as a “zero-click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into victims’ devices without tipping them off.
Using a zero-click infection method, Pegasus can turn on a user’s camera and microphone and record their messages, texts, emails and calls – even those sent via encrypted messaging and phone apps like Signal – and send them back to NSO customers in governments around the world.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab who collaborated with Bill Marczak, a senior research fellow at Citizen Lab.
Previously, victims only learned their device was infected with spyware after receiving a suspicious link texted to their phone or email. But NSO Group’s zero-click capability gives victims no such prompt and allows full access to a person’s digital life. These capabilities can fetch millions of dollars on the underground market for hacking tools.
An Apple spokesperson confirmed Citizen Lab’s assessment and said the company planned to add spyware barriers to its next iOS 15 software update, expected later this year.
NSO Group did not immediately respond to questions on Monday.
NSO Group has long drawn controversy. The company says it only sells its spyware to governments that meet strict human rights standards. But over the past six years, its Pegasus spyware has appeared on the phones of activists, dissidents, lawyers, doctors, nutritionists, and even children in countries such as Saudi Arabia, the United Arab Emirates and Mexico.
In July, NSO Group became the subject of intense media scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group focused on free speech, partnered with a consortium of media organizations on “Project Pegasus” to publish a list that they said contained around 50,000 people – including hundreds of journalists, government leaders, dissidents and activists – targeted by NSO clients.
The consortium did not disclose how it obtained the list, and it is unclear whether the list is aspirational or whether the people on it were actually targets of NSO spyware.
Among those listed are Azam Ahmed, a former New York Times Mexico City bureau chief who has reported extensively on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, The Times’ Beirut bureau director, who has investigated abuses of power and corruption in Saudi Arabia and wrote a recent biography of the crown prince of Saudi Arabia, Mohammed bin Salman.
Shalev Hulio, co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening a white page, picking 50,000 numbers and drawing some conclusions from it.”
NSO clients have previously infected their targets using text messages encouraging victims to click on a link. Those links make it possible for journalists to investigate the possible presence of NSO spyware. But the new zero-click method makes the detection of spyware by journalists and cybersecurity researchers much more difficult.
“The commercial spyware industry is going darker,” said Marczak, a researcher at Citizen Lab who helped uncover the exploit on a Saudi activist’s phone.
Mr. Scott-Railton urged Apple customers to run their software updates.
“Do you own an Apple product? Update it today,” he said.