Join our daily newsletter At The Bell to receive exclusive market insights
- Cyber surveillance firm NSO Group developed a tool to break into Apple iPhones with a new technique that’s been in use since at least February
- The discovery is important because the malware requires no user interaction and can infect all versions of Apple’s iOS, OSX, and watchOS
- The vulnerability lies in how iMessage automatically renders images
- In a statement to Reuters, NSO Group did not confirm or deny that it was behind the technique
- However, multiple details in the malware shared similarities with prior attacks by NSO Group, including some that were never publicly reported
According to internet security watchdog Citizen Lab, Israeli cyber surveillance firm NSO Group developed a tool to break into Apple iPhones with a never-before-seen technique that’s been in use since at least February.
The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and can infect all versions of Apple’s iOS, OSX, and watchOS — except those updated by the tech behemoth on Monday.
Apple said it fixed the issue in Monday’s software update, confirming Citizen Lab’s finding.
“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Ivan Krstić, head of Apple’s Security Engineering and Architecture.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
In a statement to Reuters, NSO Group did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime.”
Citizen Lab said it had found the malware on the phone of a Saudi activist, noting that the device had been infected since February.
The vulnerability lies in how iMessage automatically renders images. The app has been repeatedly targeted by NSO Group and other cyber arms dealers, prompting Apple to upgrade its architecture. That update, however, has not fully protected the system.
“Popular chat apps are at risk of becoming the soft underbelly of device security,” said Citizen Lab researcher John Scott-Railton. “Securing them should be top priority.”
Citizen Lab said multiple details in the malware shared similarities with prior attacks by NSO Group, including some that were never publicly reported. One process within the hack’s code was named ‘setframed’, the same name given in a 2020 infection of a device used by a journalist at Al Jazeera.
Although NSO Group has said it vets the governments it sells to, its Pegasus spyware has been found on the phones of activists, journalists and opposition politicians in countries with poor human rights records.
