A new zero-click exploit in iMessage was discovered that allows to secretly install NSO Group’s Pegasus spyware. The threat actor used the vulnerability to compromise the devices of Bahraini activists.
The Citizen Lab’s report, which was released today, revealed how NSO Group’s spyware infiltrated the accounts of human rights defenders and journalists in Bahrain
According to researchers at Citizen Lab, in total, nine Bahraini activists had their iPhones hacked. Among them were members of the Bahrain Center for Human Rights, Waad, and Al Wefaq. The campaign was carried out by a Pegasus operator linked by Citizen Lab with high confidence to the government of Bahrain.
The spyware was deployed through two zero-click exploits that were targeted at users who used iMessage. One of them was a new zero-click iMessage exploit that effectively allows to circumvent the iOS BlastDoor feature designed to block such exploits.
“We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4 and 14.6 as a zero-day,” Citizen Lab said. “With the consent of targets, we shared these crash logs and some additional phone logs relating to KISMET and FORCEDENTRY with Apple, Inc., which confirmed they were investigating.”
Researchers note that disabling iMessage and FaceTime will not prevent exploitation, since NSO Group has also used exploits to compromise other messaging apps such as WhatsApp. Furthermore, disabling iMessage means using unencrypted messages, which can be intercepted by a threat actor.
Researchers say that until Apple issued its security updates, all users can do is disable all apps that the NSO Group could potentially target.
Pegasus is a spyware tool that’s supposed to be used by government agencies to monitor and investigate crime and terror. But many entities abuse it for spying purposes.
In 2016, Facebook sued NSO Group, an Israeli cyber-surveillance firm, for creating and selling a zero-day exploit that affected millions of users.
In 2018, Citizen Lab discovered that many of the developers of the Pegasus software were abusing it for surveillance in countries with authoritarian regimes.
Amnesty International and a non-profit project known as Forbidden Stories revealed that the NSO Group secretly deployed spyware on iOS devices.
And Citizen Lab previously detected a zero-day exploit being used by Pegasus on an iPhone 12 Pro running iOS 14.6 targeting zero-day zero-click iMessage exploit, which did not require interaction from the targets.
“These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” Amnesty International and Forbidden Stories added.