04-19-2023, 05:25 AM
https://wapo.st/40koPc4
Israeli spyware maker NSO Group deployed at least three new “zero-click” hacks against iPhones last year, finding ways to penetrate some of Apple’s latest software, researchers at Citizen Lab have discovered.
The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting.
The attacks targeted human rights activists who were investigating the 2015 mass kidnapping of 43 student protesters in Mexico, other suspected military abuses, and the related government response, Citizen Lab said. Mexico has been a major NSO customer.
According to Citizen Lab, one of the attacks, in September 2022, coincided with a report by international experts challenging government evidence in the 2015 case and its interference with the investigation.
It’s the latest sign of NSO’s ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.
>>>>
In one encouraging sign, some of the most recent attacks failed against users who had activated Apple’s recently introduced Lockdown Mode, which stops some communications from unknown callers and reduces the number of programs that are automatically invoked.
In an attack chain that used HomeKit — Apple’s framework for apps that control home lighting, temperature and other smart devices — iPhone users were warned that someone had tried to access the program but had been blocked, researchers said.
Those warnings stopped showing up after a time, presumably because the attackers figured out a way to access the program without triggering the warning or because they abandoned the method.
Marczak urged other likely targets to use Lockdown Mode as well.