A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab | WHAT REALLY HAPPENED X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN

A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab

ABahraini human rights activist’s iPhone was silently hacked earlier this year by a powerful spyware sold to nation-states, defeating new security protections that Apple designed to withstand covert compromises, say researchers at Citizen Lab.

The activist, who remains in Bahrain and asked not to be named, is a member of the Bahrain Center for Human Rights, an award-winning nonprofit organization that promotes human rights in the Gulf state. The group continues to operate despite a ban imposed by the kingdom in 2004 following the arrest of its director for criticizing the country’s then-prime minister.

Citizen Lab, the internet watchdog based at the University of Toronto, analyzed the activist’s iPhone 12 Pro and found evidence that it was hacked starting in February using a so-called “zero-click” attack, since it does not require any user interaction to infect a victim’s device. The zero-click attack took advantage of a previously unknown security vulnerability in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA