Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Iphone

NSO Hacked iPhones Without User Clicks in 3 New Ways, Researchers Say (washingtonpost.com) 24

Israeli spyware maker NSO Group deployed at least three new "zero-click" hacks against iPhones last year, finding ways to penetrate some of Apple's latest software, researchers at Citizen Lab have discovered. From a report: The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting. It's the latest sign of NSO's ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.

While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.

This discussion has been archived. No new comments can be posted.

NSO Hacked iPhones Without User Clicks in 3 New Ways, Researchers Say

Comments Filter:
  • And everybody listens in. Obviously these designs have gotten far too complex to be secure.

  • I hired Shawn Kemp to look after my phone for me.

  • by account_deleted ( 4530225 ) on Tuesday April 18, 2023 @10:39AM (#63459038)
    Comment removed based on user account deletion
    • by clovis ( 4684 )

      So if you or I hack or backdoor a device, we either get charged under the DMCA or computer intrusion laws, but an Israeli company is free to do whatever they want?

      How is what they're doing at all legal? Is it because government agencies are purchasing it to spy on their own citizens?

      The US Commerce department did put sanctions on NSO Group, but darned if I can figure out what that means to the NSO group, if anything.
      https://www.commerce.gov/news/... [commerce.gov]

      https://www.aljazeera.com/news... [aljazeera.com]

    • Re: (Score:2, Troll)

      by Arethan ( 223197 )

      The DMCA is US legislation, which has no jurisdiction over companies or citizens that operate within another country.
      https://en.wikipedia.org/wiki/... [wikipedia.org]

      Aside from asking for political favors, a military visit to "spread democracy", or an equally "illegal" clandestine action to directly address the issue, there is nothing the US can do about events that happen outside their borders that are performed by non-US citizens.

      The US claims they don't use software from NSO group, but it doesn't really matter if they d

    • Different countries have different laws? Can't believe it.

    • Apple's lawsuit is ongoing. Your point is quite valid. Apple is furious that NSO is profiting off its ability to break Apple's iOS. This cannot be a legitimate business models. Hackers go to jail, not to the stock market. https://www.apple.com/newsroom... [apple.com] https://news.bloomberglaw.com/... [bloomberglaw.com] https://techcrunch.com/2023/01... [techcrunch.com]
    • Comment removed based on user account deletion
    • So if you or I hack or backdoor a device, we either get charged under the DMCA or computer intrusion laws, but an Israeli company is free to do whatever they want?

      How is what they're doing at all legal? Is it because government agencies are purchasing it to spy on their own citizens?

      I don't think it is.

  • If Apple loses the lawsuit it has going against NSO, then it means that Apple is legally cleared to hack NSO, and Apple should hire the best hackers in the world to destroy NSO. NSO has to be really careful because if it succeeds in claiming that hacking for the purpose of extrajudicial state surveillance is a legitimate business, then NSO itself becomes vulnerable to state sponsored attacks by the US, EU states and any other government that hates it. Be careful what you wish for, as the saw goes. https:// [apple.com]
  • While I am reasonably tech savvy, I do not understand how an operating system can be so (at least seemingly) poorly designed, that it allows this type of attack at all.

    The Pegasus attack, memory serving, simply sends a text message that does not even need to be opened.

    If this is horrible OS software development on Apple's end, then it is fascinating to witness people shelling out a lot of money for a terribly insecure device (that likely includes conducting financial transactions).

    Is there an equivalent 'no

  • Didn't Moxie find unlicensed Apple code when someone sent him NSO stuff to reverse? I was hoping Apple would sue NSO, but never heard anything more. Thoughts? *wanders off to SearX for it* :)

    kind miss the old Slashdot ...

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...