New evidence uncovered by Amnesty International and Forbidden Stories has revealed a massive wave of attacks by cyber surveillance company NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide.
Deputy Director of Amnesty Tech Danna Ingleton says, “Apple prides itself on its security and privacy features, but NSO Group has ripped these apart. Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO’s spyware has successfully infected iPhone 11 and iPhone 12 models. Thousands of iPhones have potentially been compromised.”
According to Lookout Threat Lab, NSO develops Pegasus, a highly advanced mobile malware that infects iOS and Android devices and enables operators to extract specific GPS coordinates, messages, encrypted chats from apps like WhatsApp and Signal, photos and emails, record calls, and secretly turn on the microphone and camera.
Amnesty International reports that NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale, as revealed by a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These include heads of state, activists and journalists.
The investigation also revealed that Pegasus zero-click attacks have been used to install spyware on iPhones. Amnesty International was able to confirm that thousands of iPhones were listed as potential targets for Pegasus spyware, though it was not possible to confirm how many were successfully hacked.
Thousands of Google Android phones were also selected for targeting, but unlike iPhones, their operating systems do not keep accessible logs useful for detecting Pegasus spyware infection. Among the Apple products successfully infected were iPhone 11 and iPhone 12 models, equipped with the latest updates, which were believed to have high levels of security. These attacks exposed activists, journalists and politicians around the world to the risk of having their location and activity monitored and their personal information used against them, Ingleton says.
Since its initial discovery by Lookout and Citizen Lab in 2016, Pegasus has continued to evolve, says Aaron Cockerill, Chief Strategy Officer at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company. “It has advanced to the point of executing on the target’s mobile device without requiring any interaction by the user, which means the operator only has to send the malware to the device. Considering the number of apps iOS and Android devices have with messaging functionality, this could be done through SMS, email, social media, third-party messaging, gaming or dating apps.”
Cockerill explains that every day, the research teams at Lookout observe advanced techniques used by the likes of the NSO Group. “There has been a trend where these techniques are being adopted more frequently by consumer-grade surveillanceware and spyware vendors. This could put very powerful surveillance tools in almost anyone’s hands.” Lookout has also observed a similar trend in the ransomware market, where ransomware-as-a-service has made it possible for threat actors without much experience to execute these campaigns.
As mobile devices continue to be a primary attack vector for cybercriminals and continue to be an integral part of life, “these mobile devices need to be secured with as much, if not more priority than any other device. As smartphones continue to evolve, security continues to improve. However, so does the breadth and complexity of the existing software codebase, with millions of lines of code which need to be secured,” Cockerill explains.
This is a time for us to get behind Apple and others (including Google) as they up the ante against what was originally intended to be “spyware” for societal good, says Setu Kulkarni, Vice President, Strategy at NTT Application Security, a San Jose, Calif.-based provider of application security. “The line between acceptable surveillance (if any) and privacy intrusion is very thin. In this case, Pegasus being used to target political opponents is well in the realm of crime and should be dealt with as such. For Apple and other manufacturers, this is a moment of reckoning to get further entrenched with the governments to create more checks and balances while they make their platform more impenetrable for bad actors. For law makers, this is a moment of reckoning as well to create consequences for misuse of such utilities,” Kulkarni says. “I hope this does not end up in a situation where the measures taken end up taking away an otherwise legitimate tool (NSO claims that it provides cyber intelligence for global security and stability) that law makers have to keep society safe. Ultimately, for NSO, Apple and law agencies – the lesson is that with great power comes great responsibility. It is time to step it up and find a way forward where NSO, Apple and law agencies can further improve their collaboration rather than take a step back.”
Source: https://www.securitymagazine.com/articles/95686-iphones-compromised-by-nso-spyware