Date: 2021-12-22



Earlier this year, Israel-based company NSO Group was reportedly engaged by governments to target activists, politicians and journalists. NSO Group is renowned for selling hacking solutions to well-known clients. The company used the spyware package Pegasus to hack smartphones, including the iPhone. Since the report came to light, the United States has banned companies from doing business with NSO Group, and Apple has also sued the company. Google has now blogged in detail about how Pegasus was used to hack the iPhone.

How does the hack begin?

In a blog post, Google explained that NSO offers zero-click exploit technology. In a zero-click attack, the exploit runs quietly in the background, and the attacker does not need to send phishing messages or suspicious links. There is no way to prevent exploitation by a zero-click exploit other than not using the device. According to Google’s Project Zero team, which analyzes and investigates cybersecurity threats, this is a weapon against which there is no defense. According to Google, for the iPhone, the first entry point for Pegasus is iMessage. Therefore, if the attacker has the victim’s Apple ID username or phone number, the attacker can target the victim.

The fake GIF trick

The victim receives a file whose name ends in .gif but which is not really a GIF file. Using this “fake gif” trick, over 20 image codecs suddenly become part of iMessage’s zero-click attack surface, including some very obscure and complex formats, which, Google explained, remotely exposes perhaps hundreds of thousands of lines of code. Apple completely removed the GIF code path that could cause such an attack in iOS 15 in September 2021, according to Google.

The days when bandwidth or storage was so scarce that extreme compression was a necessity are over. However, compression technology from the 90’s is still in use today. According to Google, in the 90’s, an image codec called JBIG2 was used to compress images whose pixels could only be black or white. Many PDF files from a few years ago could contain JBIG2 streams. There are many old algorithms still in use that are exploited in attacks like Pegasus.

In an interview with Wired, Project Zero’s Ian Beer and Samuel Groß said the hacking is on par with elite national-level spies. This is equivalent to the capacity of a serious nation-state, he says. It’s really sophisticated, and it’s completely scary when it’s used by an all-gas, brakeless dictator. And it just makes you wonder what else is being used now, waiting to be discovered. If this is the kind of threat facing civil society, it is really an emergency.
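A defensive check for the fake GIF trick described above, as an added example that is not from Google's post or Apple's code: it identifies an attachment by its leading bytes rather than its filename and flags a `.gif` that is really something else, noting any JBIG2 content. The function names and the sample inputs are assumptions constructed for illustration.

```python
import os

# Magic numbers: GIF signatures, PDF header, standalone JBIG2 file header.
GIF_MAGICS = (b"GIF87a", b"GIF89a")
PDF_MAGIC = b"%PDF-"
JBIG2_MAGIC = b"\x97JB2\r\n\x1a\n"


def sniff_type(data: bytes) -> str:
    """Identify the container from its content, ignoring the filename."""
    if data.startswith(GIF_MAGICS):
        return "gif"
    if data.startswith(JBIG2_MAGIC):
        return "jbig2"
    # PDF readers commonly accept the header anywhere in the first 1024 bytes.
    if PDF_MAGIC in data[:1024]:
        return "pdf"
    return "unknown"


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed type and flag JBIG2."""
    claimed = os.path.splitext(filename)[1].lower().lstrip(".")
    actual = sniff_type(data)
    findings = []
    if claimed == "gif" and actual != "gif":
        findings.append("extension-mismatch")
    # /JBIG2Decode is the PDF filter name for an embedded JBIG2 stream.
    if actual == "jbig2" or (actual == "pdf" and b"/JBIG2Decode" in data):
        findings.append("jbig2-stream")
    return {"claimed": claimed, "actual": actual, "findings": findings}


# Constructed sample inputs (not real captures).
REAL_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
FAKE_GIF = (b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\n"
            b"stream\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in (("cat.gif", REAL_GIF), ("funny.gif", FAKE_GIF)):
        print(name, inspect_attachment(name, blob))
```

The byte search for `/JBIG2Decode` misses filter names hidden inside compressed object streams or written with hex escapes, so a clean result here does not prove a PDF is free of JBIG2 data.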

