Amnesty International found evidence of iPhones being hacked with “zero-click” attacks.

An Amnesty report says NSO Group sold spyware then used to target journalists and activists.
The spyware successfully infected victims’ iPhones by exploit flaws in iMessage.
Amnesty said its findings suggest all iPhones and iOS updates are vulnerable to attack.

See more stories on Insider’s business page.

A forensic analysis by Amnesty International found a type of military-grade spyware was used to successfully break into journalists’ iPhones, apparently by sending iMessages that didn’t even need to be clicked.

The spyware is made by Israeli company NSO Group, a private firm that sells advanced hacking tools to clients including governments.

A group of 17 media outlets and Amnesty International published a report Sunday claiming NSO Group’s Pegasus software was used by its clients to hack the phones of at least 37 journalists, activists, politicians, and business executives around the world.

NSO Group strongly denied the report, claiming it contained factual inaccuracies and lacked evidence.

Amnesty International published a forensic methodology report of how it analyzed targets’ phones to discover whether they had been compromised by Pegasus.

The organization found evidence of “zero-click” iMessage attacks being targeted at journalists going back to 2018, with alarming implications for iPhone security. Zero-click attacks don’t require any interaction from the victim to break into a phone.

Amnesty said it analyzed a fully updated iPhone 12 belonging to an Indian journalist which showed signs of “successful compromise” following a zero-click attack as recently as June 16, 2021.

“These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the report warns.

  Saugus’s Abbey Weitzel first from Southern California to win a medal at Tokyo Olympic Games

Read more: Phone-hacking spyware startup NSO Group claimed US and French security experts would advise on human rights. All three advisors left the company within a year.

Bill Marczak, a research fellow at the University of Toronto’s digital surveillance specialists Citizen Lab, said on Twitter the lab likewise found evidence of zero-click message attacks being used to break into the latest iPhones.

Marczak said some of the zero-click attacks exploited Apple’s ImageIO, which allows Apple devices to read and display images.

-Bill Marczak (@billmarczak) July 18, 2021

Amnesty also found evidence of a zero-click attack targeted at an Azerbaijani journalist in 2020 involving Apple Music. Amnesty said its analysis couldn’t ascertain whether Apple Music was used to infect the phone, or if the exploit began with a different app.

Amnesty said it reported its findings to Apple, which said it would investigate the matter.

The organization said NSO Group clients had previously relied on attacks that would send a malicious link to a victim, whose device would become infected once they click on it.

Apple said in a statement that the iPhone remains one of the safest consumer devices.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Apple security engineering chief Ivan Krstić said in a statement, adding …read more

Source:: Business Insider


(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *