



Project Zero, Google’s top security experts, decoded the zero-click Pegasus code and posted it online. They are worried about its sophistication.

The zero-click attack worried Google’s Project Zero cybersecurity experts, who described it as “terrifying” and said that it could target all iOS systems. Project Zero has been working full-time since 2014, when vulnerabilities began to rise to new levels. The team focuses on all hardware and software vulnerabilities, as well as attacks and software flaws in the Google environment.

The Israeli company NSO Group has become internationally known for the Pegasus scandal. Pegasus is spyware developed by NSO and used to spy on iPhone users. The spyware was sold to governments and deployed to spy on activists, journalists, and even diplomats. Citizen Lab and Amnesty International say that human rights defenders in countries such as Morocco and Bahrain have been victims of Pegasus.

Project Zero experts recently published a blog post explaining, at the level of the raw code, how the zero-click attack works. The security experts said the code and its techniques are among the most sophisticated they have ever encountered. Project Zero analyzed the attack on the iPhone, but what worries the team is that such attacks can target any device. They say that the capabilities of the spyware developed by NSO exceed the defense capabilities of all nation-states, including those with the most developed cybersecurity systems.


Zero-click attacks are changing the rules of the game. The previous technique, called one-click, required the user to perform some action, such as clicking a link. What makes zero-click attacks dangerous is that the code requires no action from the user to break in through the backdoor.

Project Zero said it knows that NSO sells a similar zero-click capability for Android devices. But the team could not obtain that code, so they do not know how it works. That is why Project Zero asked anyone who has a sample of a zero-click Android attack to get in contact. Project Zero and Apple’s Security Engineering and Architecture (SEAR) group analyzed a sample called FORCEDENTRY provided by Citizen Lab. The team posted the findings online in detail.

Project Zero explained that the entry point for Pegasus on the iPhone is iMessage. Endlessly looping GIFs are used in what is called a “fake gif” trick. This trick remotely exposes hundreds of thousands of lines of code in an obscure and complex way. Similar files that require compression and decompression are used to hide the code. The file formats mentioned by Project Zero include PDF and JBIG2 streams. Google’s Project Zero will continue to post cybersecurity findings online. It seems that they want to shed light on the darkness that these attacks rely on to survive.
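A defender-side check for the “fake gif” mismatch described above, as an added example that is not from the article or from Project Zero: it flags attachments named `.gif` whose leading bytes are not a GIF signature and notes when the content is a PDF that declares a JBIG2 stream. The function names and the sample byte strings are constructed for illustration.

```python
import os

GIF_MAGIC = (b"GIF87a", b"GIF89a")   # the two standard GIF signatures
PDF_MAGIC = b"%PDF-"                 # PDF header marker


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring any file name."""
    if data.startswith(GIF_MAGIC):
        return "gif"
    # Some PDF readers accept the header anywhere in the first 1 KiB.
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def check_attachment(name: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the sniffed type."""
    claimed = os.path.splitext(name)[1].lstrip(".").lower()
    actual = sniff(data)
    return {
        "name": name,
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed != actual,
        # A JBIG2 stream inside a PDF is declared with this filter name.
        "jbig2": actual == "pdf" and b"/JBIG2Decode" in data,
    }


# Constructed samples: a genuine GIF header, and a PDF fragment named .gif.
SAMPLES = {
    "loop.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
    "fake.gif": b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\n"
                b"stream\nendstream\nendobj\n",
}


def triage(samples: dict) -> list:
    """Return the names of attachments whose extension and content disagree."""
    return [n for n, d in samples.items() if check_attachment(n, d)["mismatch"]]


if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        print(check_attachment(sample_name, sample_data))
```

The plain byte search for `/JBIG2Decode` misses filter names written with PDF hex escapes or stored inside compressed object streams, so a negative `jbig2` result does not clear a file.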

Source: Project Zero

