Date: 2021-12-21



Google’s Project Zero, a team of security analysts focused on finding software vulnerabilities that could be exploited by hackers, has released an analysis of the ForcedEntry exploit. ForcedEntry was created by the Israel-based cyberweapon company NSO Group. NSO Group, known for its spyware, used ForcedEntry to exploit a vulnerability in Apple’s iMessage platform and deploy Pegasus spyware. Project Zero used a sample of ForcedEntry provided by the Citizen Lab at the University of Toronto. This was the first discovery of an NSO exploit.

Project Zero states that ForcedEntry uses a zero-click attack. This means that the victim does not need to click a link or give permission for the hack to work. The hack bypassed Apple’s iOS zero-click protection, used Apple’s iMessage to hijack the device, and installed Pegasus, the NSO Group software used by spies. ForcedEntry is a malicious PDF file that abuses the way iMessage accepts and interprets files such as GIFs to trick the platform without any user involvement. The exploit took advantage of weaknesses in an older compression technology that was designed to create compressed PDF files from documents scanned with a physical scanner. This same technology is still used in computers today.

ForcedEntry uses a script built from logical commands written directly into a disguised PDF file. This allows the entire attack to be set up and executed while hiding inside iMessage, which makes it even more difficult to detect. This approach makes ForcedEntry unusual, because many similar attacks rely on so-called command and control servers to direct the embedded malware.

Regarding the ForcedEntry attack, John Scott-Railton, a senior researcher at Citizen Lab, said: “Impressive and dangerous privately developed malware is possible.”

In September, the University of Toronto’s Citizen Lab reported that the Israel-based NSO Group used the ForcedEntry exploit to hack selected users’ phones and install Pegasus spyware on them. Pegasus was used to read messages, track calls and locations, and collect sensitive information from apps. The spyware can also access the phone’s camera and microphone. After the report, Apple released a series of patches to contain the ForcedEntry attack and fix the iMessage vulnerability.

Sources:
1. https://Google.com/
2. https://www.phonearena.com/news/google-releases-its-pegasus-hack-analysis-about-how-iPhone-security-was-compromised_id137289

