Date: 2021-12-15



Israeli spyware developer NSO Group has shocked the global security community for years with aggressive and effective hacking tools that target both Android and iOS devices. Because its products have been abused by customers around the world, NSO Group now faces sanctions, high-profile proceedings and an uncertain future. But a new analysis of the spyware maker’s ForcedEntry iOS exploit, deployed in numerous targeted attacks against activists, opponents, and journalists this year, carries an even more fundamental warning: private companies can create hacking tools with the technical ingenuity and sophistication of the most elite government-sponsored development groups.

Google’s Project Zero bug-hunting group analyzed ForcedEntry using samples provided by researchers at the Citizen Lab at the University of Toronto, which published widely this year on targeted attacks that used the exploit. Amnesty International researchers also conducted an important survey of hacking tools this year. The exploit launches a zero-click, or no-interaction, attack. That is, the victim does not need to click a link or grant a permission for the hack to proceed. Project Zero found that ForcedEntry uses a set of clever tactics to target Apple’s iMessage platform, bypass the protections the company has recently added to make such attacks more difficult, and skillfully hijack devices to install NSO’s flagship spyware implant, Pegasus.

Apple released a series of patches in September and October. These patches mitigate ForcedEntry attacks and harden iMessage against similar attacks in the future. However, Project Zero researchers write in their analysis that ForcedEntry is “one of the most technically sophisticated exploits we’ve ever seen.” They say NSO Group has achieved a level of innovation and sophistication that is generally believed to be reserved for a small group of nation-state hackers.

Project Zero’s Ian Beer and Samuel Groß have never seen an exploit that builds equivalent functionality from such a limited starting point, interacting with an attacker’s server, loading JavaScript or a similar script engine, they said by email to WIRED. Many people in the security community believe that this type of exploit, single-shot remote code execution, is a solved problem. They believe that the mitigations offered by mobile devices are too heavy for reliable single-shot exploits to be built. This shows that not only is it possible, but it is definitely used in the wild against people.

Following Project Zero’s investigation into the threat of zero-click attacks, Apple added an iMessage protection called BlastDoor to 2020’s iOS 14. Beer and Groß say BlastDoor seems to have succeeded in making the delivery of no-interaction iMessage attacks much more difficult. Making attackers work harder and take more risk is part of a plan to make zero-day attacks difficult, they told WIRED. But NSO Group ultimately found a way.

ForcedEntry takes advantage of weaknesses in how iMessage accepts and interprets files such as GIFs to trick the platform into opening a malicious PDF without the victim doing anything. The attack exploited a vulnerability in a legacy compression tool used to process text in images from physical scanners, allowing NSO Group customers to completely hijack an iPhone. Basically, 1990s algorithms used to compress photocopies and scans are still lurking in modern communication software, with all the flaws and baggage associated with them.
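
The mismatch described above, a file presented as a GIF whose content is actually a PDF, can be checked for on the defender's side. The following is an added example, not code from the article or from Project Zero. The function names and sample bytes are constructed for illustration, and it assumes the scanner-era codec is JBIG2 (PDF filter name `/JBIG2Decode`), which the article does not name.

```python
import os

# Start-anchored signatures for common image containers.
MAGIC = {"gif": (b"GIF87a", b"GIF89a"), "png": (b"\x89PNG\r\n\x1a\n",), "jpeg": (b"\xff\xd8\xff",)}
EXT_TYPE = {".gif": "gif", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf"}

def sniff_types(data: bytes) -> list:
    """Return every container type the leading bytes are consistent with."""
    kinds = [k for k, sigs in MAGIC.items() if data.startswith(sigs)]
    # Tolerant PDF readers accept the header anywhere in the first 1024 bytes,
    # so a PDF marker can sit behind another format's signature.
    if b"%PDF-" in data[:1024]:
        kinds.append("pdf")
    return kinds

def triage_attachment(filename: str, data: bytes) -> dict:
    """Compare the declared extension with the sniffed content and list findings."""
    declared = EXT_TYPE.get(os.path.splitext(filename)[1].lower())
    actual = sniff_types(data)
    findings = []
    if declared and declared not in actual:
        findings.append(f"extension claims {declared}, content looks like {actual or 'unknown'}")
    if len(actual) > 1:
        findings.append(f"content matches several formats: {actual}")
    # Assumption: the legacy codec is JBIG2; the article does not name it.
    # Plain substring scan: misses filter names that are hex-escaped or stored
    # inside compressed object streams, so a clean result is not proof of absence.
    if "pdf" in actual and b"/JBIG2Decode" in data:
        findings.append("PDF declares a JBIG2-compressed stream")
    return {"declared": declared, "actual": actual, "findings": findings}

# Constructed sample inputs (not real attachments, not from the article).
REAL_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;"
PDF_NAMED_GIF = (b"%PDF-1.4\n1 0 obj\n<< /Type /XObject /Subtype /Image "
                 b"/Filter /JBIG2Decode /Length 0 >>\nstream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    for name, blob in (("cat.gif", REAL_GIF), ("cat.gif", PDF_NAMED_GIF)):
        print(name, triage_attachment(name, blob))
```

A finding here is a triage signal for closer inspection, since legitimate scanned PDFs also use JBIG2 compression.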

