How Israel's NSO hacked into iPhones

Israel's NSO Pegasus surveillance software is able to easily hack into iPhones & Android phones.

MiiCritic Web Team

Melbourne, Australia: Dec 20, 2021

NSO's Pegasus surveillance software, allegedly used by various government agencies on individuals, hacked into iPhones without anybody's knowledge. NSO sells similar zero-click capabilities that target Android devices as well. A "one-click exploit" is one in which a person's phone is hacked when a link is clicked once.

NSO is now offering its clients "zero-click exploitation technology", which allows an attack on a person's phone even when the user hasn't clicked on a phishing link. In the zero-click scenario no user interaction is required. This means an attacker targeting a specific person does not need to send a phishing message, since the exploit works "silently in the background".

A person can therefore be targeted just for using a phone, as the Apple attack shows. A person with a phone number or an AppleID username can become a target. The "initial entry point" for Pegasus on the iPhone was iMessage.

The Pegasus software uses GIF files in iMessages to target users. It uses the "fake gif" trick to hack into phones covertly even as the person remains unaware.

The US government recently blacklisted NSO Group because it supplied spyware to foreign governments that used the tools to "maliciously target" government officials, journalists, business people and activists.

Apple worked on the problem and fixed it in September this year, when it released a new iOS update.

(Contributions from media outlets)
