Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group
A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists.
"The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today. Four of the targets were hacked by an actor it tracks as LULU and believed to be the government of Bahrain.
Citizen Lab called the new exploit chain "FORCEDENTRY."
The very next month after its existence came to light, Citizen Lab said it observed NSO Group deploying FORCEDENTRY - which Amnesty International dubbed "Megalodon" - against iOS versions 14.4 and 14.6 as a zero-day expressly engineered to get around the BlastDoor feature by crashing IMTranscoderAgent, a service responsible for transcoding and previewing images in iMessage, in order to download and render items from the Pegasus infection server.
"Despite a half-decade of being implicated in human rights abuses, NSO Group regularly claims that they are committed to protecting human rights," the researchers said.
"The sale of Pegasus to Bahrain is particularly egregious, considering that there is significant, longstanding, and documented evidence of Bahrain's serial misuse of surveillance products including Trovicor, FinFisher, Cellebrite, and, now, NSO Group," the Citizen Lab team added.