An important iMessage vulnerability that was being exploited to attack iPhone users has been fixed by an urgent patch from Apple.
According to a recent study by Citizen Lab, a digital rights organization based at the University of Toronto’s Munk School that has been looking into NSO spyware for years, security researchers discovered the vulnerability when looking into the potential breach of a Saudi activist’s iPhone.
The researchers told Motherboard that they believe a client of NSO, the notorious Israeli firm known for selling spyware to numerous governments across the world, was responsible for the attack. The attack made use of a zero-day vulnerability in iMessage, which gave the hackers access to the target’s phone by sending a message that was essentially invisible. Since the user is not required to click on anything, these attacks are known as zero-click exploits.
This zero-day vulnerability, according to a blog post by Citizen Lab, has been in use since at least February of this year.
Apple opted not to respond. However, the company acknowledged Citizen Lab in a security update it released on Monday. In an email, a representative for NSO stated that the company “will continue to provide intelligence and law enforcement organizations throughout the world with life-saving technologies to combat terrorism and crime.”
Popular chat apps like iMessage are currently the preferred method of attack for nation-state actors and criminal hackers on mobile devices.
This finding may rekindle the argument over whether iPhones are now too susceptible to intrusion by government hackers using sophisticated spyware like that produced by NSO.
“What this truly shows is that mercenary hackers and nation-state organizations are actively using popular chat apps like iMessage to target mobile devices. Apps for messaging and chat that are widely used are a serious attack surface. And it’s time for them to become far more secure,” Citizen Lab senior researcher John Scott-Railton told Motherboard over the phone.
This finding also demonstrates how difficult it is for academics to uncover these kinds of attacks.
“The conventional method by which we track this material is by having targets send us any questionable items they discover for examination. But in this zero-click instance, it is clear that the target cannot notice anything. Therefore, it’s a case of the spyware industry increasingly going underground,” according to Bill Marczak, a Citizen Lab researcher who looked into this attack, in a phone interview with Motherboard.
In July, a group of 17 media outlets, working with Amnesty International and the nonprofit Forbidden Stories, revealed that they had acquired a list of 50,000 phone numbers targeted by several NSO government customers. Amnesty International’s forensic investigation uncovered evidence of attempted or successful intrusions on 34 phones.
This finding was made a few months after Apple introduced a security feature that was meant to make it more difficult to attack iPhones with these specific types of hacks, as Motherboard revealed in February of this year.
In a blog post, Citizen Lab explained how it discovered the zero-day. Researchers claimed in the post that they had found evidence of Pegasus malware on an iPhone belonging to a Saudi activist after examining it. Researchers told Motherboard that they identified evidence connecting the attack to the breach of 36 journalists at Al-Jazeera, which Citizen Lab reported in December 2020, and used that information to ascribe the attack to NSO.
Although the researchers said that the user could not see the effects of the attack, they were able to gather proof that iMessage had saved many attachments that looked like GIF files but were actually PDF and PSD files. The proof was kept in the activist’s iPhone crash logs, which contain information about recent phone crashes and occasionally can reveal signs of a hack.
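The indicator described above, attachments named as GIFs whose contents are really PDF or PSD data, can be checked by comparing each file's extension with its leading bytes. The following Python is an added example, not Citizen Lab's tooling or anything from the original article; the directory, file names and sample bytes are constructed for illustration.

```python
import tempfile
from pathlib import Path

GIF_MAGICS = (b"GIF87a", b"GIF89a")   # both GIF versions start with one of these
PSD_MAGIC = b"8BPS"                   # Adobe Photoshop document signature
PDF_MAGIC = b"%PDF-"                  # PDF header; lenient readers accept it
                                      # anywhere in the first 1024 bytes

def sniff_type(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(GIF_MAGICS):
        return "gif"
    if head.startswith(PSD_MAGIC):
        return "psd"
    if PDF_MAGIC in head[:1024]:
        return "pdf"
    return "unknown"

def find_mismatched_gifs(root) -> list:
    """Return (filename, detected_type) for every *.gif that is not a GIF."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".gif":
            continue
        with path.open("rb") as fh:
            kind = sniff_type(fh.read(1024))
        if kind != "gif":
            findings.append((path.name, kind))
    return findings

def demo() -> list:
    """Build a constructed sample directory and scan it."""
    samples = {  # constructed content, not taken from any real device
        "cat.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "doc.gif": b"%PDF-1.7\n%%EOF\n",
        "layers.gif": b"8BPS\x00\x01" + b"\x00" * 20,
        "empty.gif": b"",
        "report.pdf": b"%PDF-1.4\n%%EOF\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return find_mismatched_gifs(tmp)

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: extension says GIF, content looks like {kind}")
```

An empty or truncated `.gif` is reported as `unknown` rather than silently skipped, since it also fails to match its extension.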
“Processing a PDF that has been maliciously created could result in arbitrary code execution,” Apple stated in the patch’s release notes. “Apple is aware of a report that this problem may have been actively exploited.”
The argument over whether Apple is doing enough to defend customers against these types of attacks will surely resurface in light of this latest discovery.
“Anyone who develops widely used chat applications must make sure that the attack surface that programs expose is kept to a minimum. Otherwise, they will continue to be a prime target for hacking activities by mercenaries and nation-states,” according to Scott-Railton.
Apple has recently been under fire from security professionals for a number of attacks that have been found.
Claudio Guarnieri, the director of Amnesty International’s Security Lab, which conducted the Pegasus Project study, stated in a recent op-ed that he would welcome a more affordable, accessible, and safe smartphone next fall instead of one with obscenely high camera and pixel counts.
After the article was published, Ivan Krstić, the head of Apple Security Engineering and Architecture, released the following comment on Apple’s behalf:
“Apple quickly created and released a fix in iOS 14.8 to safeguard our users after finding the vulnerability utilized by this iMessage exploit. We would like to thank Citizen Lab for completing the extremely challenging task of collecting a sample of this exploit so we could provide this fix right away.
“Attacks like those mentioned here are extremely complex, cost millions of dollars to develop, frequently have a short shelf life, and are used to target certain people. Although the vast majority of our users are not at risk, we nevertheless work relentlessly to safeguard all of our clients and are continually introducing additional security for their devices and data.”