Apple on Monday issued emergency software updates for a critical vulnerability in its products after security researchers discovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iWatch, or Mac without even a click.
Apple’s security team has been working around the clock to develop a solution since Tuesday, after researchers from Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that the iPhone of a Saudi activist had been infected with NSO Group spyware.
The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for up to six months. Known as a “no-click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into a victim’s device without warning.
Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, text messages, emails, and calls, even those sent via encrypted messaging and phone apps like Signal, and send it back to NSO clients in governments around the world.
“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, senior researcher at Citizen Lab, who teamed up with Bill Marczak, senior researcher at Citizen Lab, on the finding.
In the past, victims only found out that their devices were infected by spyware after receiving a suspicious link sent via text message to their phone or email. But NSO Group’s zero-click ability doesn’t give the victim that warning and allows full access to a person’s digital life. These capabilities can generate millions of dollars in the underground market for hacking tools.
An Apple spokesperson confirmed Citizen Lab’s assessment and said the company planned to add spyware barriers to its next iOS 15 software update, which is expected later this year.
NSO Group did not immediately respond to inquiries on Monday.
NSO Group has been controversial for a long time. The company has said that it sells its spyware only to governments that adhere to strict human rights standards. But for the past six years, its Pegasus spyware has been found on the phones of activists, dissidents, lawyers, doctors, nutritionists, and even children in countries like Saudi Arabia, the United Arab Emirates, and Mexico.
In July, NSO Group came under intense media scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group that focuses on freedom of expression, partnered with a consortium of media organizations in “The Pegasus Project” to publish a list they said contained some 50,000 people, including hundreds of journalists, government leaders, dissidents and activists, targeted by NSO clients.
The consortium did not disclose how it obtained the list and it was unclear if the list was aspirational or if people were actually targeted with NSO spyware.
Among those on the list are Azam Ahmed, a former New York Times bureau chief in Mexico City who has reported extensively on corruption, violence and surveillance in Latin America, including on NSO itself; and Ben Hubbard, the Times bureau chief in Beirut, who has investigated rights abuses and corruption in Saudi Arabia and has written a recent biography of the Saudi Crown Prince, Mohammed bin Salman.
Shalev Hulio, co-founder of NSO Group, vehemently denied the accuracy of the list, telling The Times: “This is like opening the white pages, picking 50,000 numbers and drawing some conclusion.”
NSO clients previously infected their targets using text messages that coaxed victims into clicking on a link. Those links made it possible for journalists to investigate the possible presence of the NSO spyware. But the new zero-click method makes spyware discovery much more difficult for journalists and cybersecurity researchers.
“The commercial spyware industry is going dark,” said Marczak, a Citizen Lab researcher who helped uncover the vulnerability on a Saudi activist’s phone.
Scott-Railton urged Apple customers to run their software updates.
“Do you have an Apple product? Update it today,” he said.