Security | 19.04.2023

Government spyware vendor targets iPhones with zero-click attack

Security researchers at Citizen Lab have revealed that customers of notorious Israeli spyware company NSO Group used three new zero-click exploits to hack iPhones in 2022.

While most security vulnerabilities that could lead to malware being deployed on a user’s phone typically require a victim to open a malicious link or compromised file, zero-click exploits execute an attack without any user action.

Citizen Lab discovered infections on iPhones belonging to members of Mexican civil society groups, including human rights advocates from a firm representing victims of military abuse in that country.

“Our ensuing investigation led us to conclude that, in 2022, NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world,” the researchers said.

The attacks exploited vulnerabilities in several iOS features — including Find My, iMessage, and HomeKit.

The three zero-click exploits were labelled and described as follows:

  • PWNYOURHOME — A novel two-step exploit that first targets the HomeKit process and then the iMessage process in iOS 15 and iOS 16.
  • FINDMYPWN — Another two-step exploit that first targets the Find My feature and then iMessage in iOS 16.
  • LATENTIMAGE — Detected on a single phone running an unspecified iOS version. It may also involve the Find My feature, but it uses a different exploit chain.

Citizen Lab held back releasing details of these exploits to give Apple time to fix the vulnerabilities.

NSO Group is infamous for providing its Pegasus spyware to governments with poor human rights histories to spy on their high-profile opponents.

Mexico’s government and military have a history of serious human rights abuses, with an estimated 1,200 disappearances of individuals fighting against the Institutional Revolutionary Party-controlled government between 1968 and 1980.

The United Nations said that the total number of officially registered disappearances in the country stood at 100,000 last year.

An investigation dubbed the Pegasus Project found that Rwanda had been one of NSO Group’s biggest customers between 2016 and 2021.

Rwandan President Paul Kagame reportedly put more than 3,500 phone numbers on a list of persons of interest for surveillance, including South African President Cyril Ramaphosa.

Apple introduced a Lockdown Mode security feature in July 2022, specifically aimed at users who might be prime targets of government surveillance.

It severely limits certain iPhone features to minimise the risk of zero-click attacks.

Citizen Lab said the feature had blocked the PWNYOURHOME exploit from running on some targeted users’ devices and sent those users real-time warnings about the attempt.

“Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled,” Citizen Lab said.
