Date: 2021-07-19



iPhone spyware made by the $1 billion surveillance firm NSO has revealed a major problem in Apple iMessage security, according to security experts who have spent years researching the Israeli company’s hacking tools.

Following a suspected leak of data on 50,000 potential targets of NSO’s Pegasus spy tool, Amnesty International and Citizen Lab claimed to have seen a so-called zero-click attack that exploited a number of vulnerabilities on a fully patched iPhone 12 Pro Max running iOS 14.6 in July 2021. This included an iMessage hack.

Citizen Lab researcher Bill Marczak told Forbes that Apple’s iOS automatically executes data in iMessages and attachments, even when they come from strangers, potentially putting users at risk.

He said it was a recipe for disaster. Apple should consider implementing something similar to what Twitter and Facebook have for DMs, where messages from strangers are partly hidden and filtered into a separate pane by default.

Marczak adds that this is not currently a problem for the average iPhone user, because the target list obtained by the nonprofit Forbidden Stories focuses primarily on people at high risk of government surveillance, from journalists like Financial Times editor Roula Khalaf to those linked to the killed journalist Jamal Khashoggi. Heads of state were reportedly on the potential target list as well. NSO has been called out repeatedly over the past five years after its tools were seen targeting Mexican lawyers, Saudi activists and journalists around the world, but it claims its software is used by governments to help catch the most vicious criminals, such as terrorists and pedophiles.

But if Apple doesn’t nip it in the bud, this kind of zero-click iMessage attack will inevitably spread to less sophisticated hackers such as cybercriminals, Marczak warned. He had previously tweeted that Apple’s security mechanism called BlastDoor, which was designed to segment iMessage content in case it contains malicious links or code, was not protecting users from such dangerous exploits. He pointed out that some of the exploits took advantage of ImageIO and its JPEG and GIF image parsing capabilities. ImageIO has had more than 12 severe bugs reported against it in 2021, he tweeted.

However, Apple believes the technology does a great job of protecting users from text-based attacks. For example, the technology giant said that when a website link is sent to a user via iMessage, the device does not visit the web page to get a preview of the site; it only accepts a static preview image from the sender. BlastDoor treats these as untrusted, and any code on a site the user launches should run only in another protected part of the operating system. This blocks hacks initiated by website links.

Apple has explicitly condemned cyberattacks on journalists, human rights activists, and others trying to make the world a better place. According to a spokeswoman for the Cupertino tech giant, Apple has been an industry leader in security innovation for over a decade and, as a result, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market.

Attacks such as those described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. This means they are not a threat to the overwhelming majority of users, but we are constantly striving to protect all our customers and constantly adding new protections for their devices and data, the spokeswoman said.

The spokeswoman added that the next iteration of Apple’s operating system should be accompanied by further improvements designed to counter advanced exploits, but didn’t elaborate.

Meanwhile, NSO told the Guardian that reports of a leak of 50,000 spyware targets are false and are based on unsubstantiated theories that raise serious questions about the credibility of the sources and the basis of the story. Publications such as The Washington Post and the Guardian stated that being on the list of potentially targeted phones does not mean that an individual device has been infected with Pegasus spyware.

The company denied that the tool was used to target the Khashoggi family, after reports suggested that both his ex-wife Hanan Elatr and his fiancée Hatice Cengiz were targeted before and after his death. (Khashoggi is reported to have been involved with both women at the time of his death.) As NSO has stated before, our technology had nothing to do with the vicious killing of Jamal Khashoggi, the company said. You can be sure that our technology was not used to listen to, monitor, track, or collect information about him or his family members mentioned in your inquiry. We have investigated this claim before, and it is again being made without verification.

It said it would continue to investigate all credible claims of misuse and promised to take appropriate action based on the results of these investigations.

