Pegasus spyware hacking: New iPhones running iOS 14 may be hacked via a zero-click iMessage vulnerability, according to reports

Amnesty International, which unearthed the leaked database in collaboration with the Pegasus Project, a consortium of news organisations that have seen the leaked database, has refuted NSO Group’s claims that Pegasus is used to investigate crime and terrorism-related cases and that it does not leave any traces. Amnesty International’s Security Lab carried out an in-depth forensic analysis of several mobile phones of human rights defenders and journalists from around the world and found that Pegasus’s surveillance is not just a violation of user privacy but also goes against human rights.

According to a researcher, iPhone’s zero-click exploit was used to install Pegasus.
NSO Group’s Pegasus software is notorious for being a spying tool.
WhatsApp has criticised NSO Group for developing tools like Pegasus.
NSO Group, the Israeli company that makes the Pegasus spyware, has found itself in dire straits again. The software was used to snoop on a large set of people, as their mobile numbers were found in a leaked database. NSO Group’s spyware is already notorious for giving backdoors to the mobile phones of the targeted entities. Both Android phones and the iPhone are targets, but the latter is easier to put under surveillance through Pegasus. And, according to a report, a zero-click exploit in Apple’s iMessage made this job far easier.

According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit, and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. This exploit was discovered by Citizen Lab previously. It was known as KISMET and it allowed the installation of Pegasus software for the purpose of complete surveillance. The exploit was patched through an urgent software update that Apple released, but it seems like the exploit remains dormant until a zero-click is fired.

Citizen Lab researcher Bill Marczak said that Apple has a major problem with iMessage’s security even after the patch, which brought the BlastDoor Framework as a part of the iOS 14 update. Apple’s BlastDoor Framework is supposed to make zero-click exploitation more difficult, thereby making the installation of the Pegasus spyware harder. However, the BlastDoor Framework may not be working as intended. Case in point: the fresh Pegasus surveillance scandal, which involves not just prominent journalists from around the globe, but also ministers and other high-profile entities. The researcher has noted that the spyware installed through zero-click exploits is no longer “persistent”.

According to Marczak, Apple using just sandboxing on iMessage does not achieve what the BlastDoor Framework ideally should. This means that whatever properties BlastDoor has are somewhat weakened by the sandboxing process, giving access to zero-click exploits. “How about: ‘don’t automatically run extremely complex and buggy parsing on data that strangers push to your phone?!’” said Marczak in a tweet. The leaked database of the targeted iPhones has call logs, and it was possible for Pegasus to retrieve them using an exploit in ImageIO’s parsing of JPEG and GIF images in iOS 13 and iOS 14. Marczak said that there have been “a dozen” high-severity bugs in Apple’s ImageIO.

Pegasus has raised several questions, more so when the clients using it include governments from all around the world. WhatsApp has already slammed NSO Group for providing tools that treat privacy as severely unimportant. But a bigger question looms over the claims Apple has made time and again that iPhones are the epitome of user privacy. If a single zero-click exploit could have allowed mass surveillance, imagine what other vulnerabilities could do. Apple has not said anything about the incident yet.
