Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group (Security News, August 2021)
A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by the Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists.
"The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from the University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.
Citizen Lab called the new exploit chain "FORCEDENTRY." It is a zero-click exploit, meaning that an infection can be triggered simply by sending a malicious message to the target, without the target having to click a link or even view the message in question.
"As always, if NSO receives reliable information related to misuse of the system, the company will vigorously investigate the claims and act accordingly based on the findings," a spokesperson for NSO Group told The Guardian.
The very next month after its existence came to light, Citizen Lab said it observed NSO Group deploying FORCEDENTRY - which Amnesty International dubbed "Megalodon" - against iOS versions 14.4 and 14.6 as a zero-day expressly engineered to get around the BlastDoor feature by crashing IMTranscoderAgent, a service responsible for transcoding and previewing images in iMessage, in order to download and render items from the Pegasus infection server.
"Despite a half-decade of being implicated in human rights abuses, NSO Group regularly claims that they are committed to protecting human rights," the researchers said.