Pegasus Apple Hack: A new exploit from the NSO Group’s Pegasus surveillance tool, which targets iPhones and other Apple devices through iMessage, has been discovered by spyware researchers. This is yet another indication that chat apps have become a popular way to hack into the devices of political dissidents and human rights activists.
According to researchers at Citizen Lab, who identified the exploit in the iPhone data of a Saudi political activist and notified the firm about it, Apple released a fix on Monday to close the vulnerability.
In fact, this is the first time that malicious code used in a Pegasus hack has been uncovered by researchers since the beginning of 2019. New insights into the practices of the firm have emerged as a result of the Pegasus Project, a multipart global investigation by The Washington Post and 16 other news organizations, which was launched in July this year.
Due to the individual’s request, the researchers declined to identify the Saudi activist who was the object of their investigation. They also did not disclose which NSO governmental client they believe was responsible for the use of Pegasus against this individual.
They did say that the hacking technique used, which they dubbed FORCED ENTRY, has been in use since at least February and is capable of infiltrating Apple iPhones, MacBooks, and Apple Watches in a “zero-click attack,” which is something of a specialty for NSO, which is based in Israel and infiltrating Apple devices invisibly.
The activist, who has asked not to be identified since he or she is still in Bahrain, is a member of the Bahrain Center for Human Rights, an award-winning nonprofit organization that works to promote human rights in the Gulf state.
Despite a ban issued by the kingdom in 2004 following the imprisonment of the group’s director for publicly criticizing the country’s then-prime minister, the organization continues to operate.
The activist’s iPhone 12 Pro was inspected by Citizen Lab, an internet watchdog headquartered at the University of Toronto, which discovered evidence that it had been hacked beginning in February using a so-called “zero-click” assault, which does not involve any user interaction to infect a victim’s device.
The zero-click assault takes advantage of a previously discovered security flaw in Apple’s iMessage system, which was exploited to deliver the Pegasus spyware, produced by Israeli business NSO Group, to the activist’s phone without the activist having to do anything.