NSO Hacked iPhones Without User Clicks in 3 New Ways, Researchers Say (washingtonpost.com) 24
Israeli spyware maker NSO Group deployed at least three new "zero-click" hacks against iPhones last year, finding ways to penetrate some of Apple's latest software, researchers at Citizen Lab have discovered. From a report: The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting. It's the latest sign of NSO's ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.
While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.
While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.
iPhone, uPhone, wePhone (Score:2)
And everybody listens in. Obviously these designs have gotten far too complex to be secure.
Re: iPhone, uPhone, wePhone (Score:2)
I skate. You skate. We skate. Maybe we can get together and be a skating couple.
Secure? (Score:2)
Do any of these exploits work if JS is disabled?
Re: (Score:3)
Does the phone still work if JS is disabled?
Re: Secure? (Score:2)
Just try it (Score:2)
I hired Shawn Kemp to look after my phone for me.
Comment removed (Score:4)
Re: (Score:3)
So if you or I hack or backdoor a device, we either get charged under the DMCA or computer intrusion laws, but an Israeli company is free to do whatever they want?
How is what they're doing at all legal? Is it because government agencies are purchasing it to spy on their own citizens?
The US Commerce department did put sanctions on NSO Group, but darned if I can figure out what that means to the NSO group, if anything.
https://www.commerce.gov/news/... [commerce.gov]
https://www.aljazeera.com/news... [aljazeera.com]
Re: (Score:2, Troll)
The DMCA is US legislation, which has no jurisdiction over companies or citizens that operate within another country.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Aside from asking for political favors, a military visit to "spread democracy", or an equally "illegal" clandestine action to directly address the issue, there is nothing the US can do about events that happen outside their borders that are performed by non-US citizens.
The US claims they don't use software from NSO group, but it doesn't really matter if they d
Re: (Score:2)
Re: (Score:2)
Why? Do you think the US doesn't spy on both enemies and allies. Of course it does the recent leaks have proved it does, but it was obvious it was doing it before.
I am sure most countries spy, this is just for show.
Re: (Score:2)
Re: (Score:2)
Different countries have different laws? Can't believe it.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So if you or I hack or backdoor a device, we either get charged under the DMCA or computer intrusion laws, but an Israeli company is free to do whatever they want?
How is what they're doing at all legal? Is it because government agencies are purchasing it to spy on their own citizens?
I don't think it is.
Apple should hack NSO group (Score:1)
Horrible Design? (Score:1)
While I am reasonably tech savvy, I do not understand how an operating system can be so (at least seemingly) poorly designed, that it allows this type of attack at all.
The Pegasus attack, memory serving, simply sends a text message that does not even need to be opened.
If this is horrible OS software development on Apple's end, then it is fascinating to witness people shelling out a lot of money for a terribly insecure device (that likely includes conducting financial transactions).
Is there an equivalent 'no
Didn't Moxie find unlicensed Apple code? (Score:2)
Didn't Moxie find unlicensed Apple code when someone sent him NSO stuff to reverse? I was hoping Apple would sue NSO, but never heard anything more. Thoughts? *wanders off to SearX for it* :)
kind miss the old Slashdot ...