Researchers at Citizen Lab have found a exploit in a Saudi worker’s iPhone
A serious iPhone software vulnerability has been unearthed accused of providing spying technology to autocratic governments. Here’s what you need to know.
a. When analyzing the phone of Saudi Activists, Citizen Lab researchers discovered a so-called “zero-day zero-click exploit” targeting Apple’s iMessage. The exploit is used against Apple iOS, MacOS and WatchOS devices, Citizen Lab said.
|anchor||the protection||The last||Change||Change %|
NSO Group, which provides a proprietary software called Pegasus, is behind the exploit, said Citizen Lab, which described the Israel-based firm as a “hire spyware company.”
California college student tapped into phone accounts to steal cryptocurrency in SIM swap scam, Fed says
Spyware can turn a phone into a spying tool that captures geographic location, call logs, contact lists and even photos. According to Kaspersky Lab.
The company used the vulnerability to infect the latest Apple devices with Pegasus spyware, which Citizen Lab called Forsadentry. Citizen Lab said it has been in use since at least February 2021.
Zero-days and zero-clicks make it particularly malicious, says Hank Schles, senior manager, Security Solutions look outside, a San Francisco, California-based cloud security company, explained to Granthshala Business.
“A zero-day vulnerability is one that has either not been discovered or, more importantly, is known, but no fix has yet been released for it,” Schles said. Throw zero-clicks at him and the exploit becomes especially harmful because the user doesn’t have to do anything, according to Schless. Typically, the user must click on a link, download a file, visit a website, or install an application to activate the malware.
Apple, Google, Amazon are spying on you, claim lawsuits
Apple responded quickly and released a fix for the iPhone and iPad on September 13. The improvements are now available as a security update for iOS and iPadOS. Apple described the vulnerability: “Maliciously Created PDF” [that] Arbitrary code execution can happen.”
“We would like to commend Citizen Lab for successfully completing the very difficult task of obtaining a sample of this exploit so that we can implement this fix,” Evan Kristik, Apple’s head of security engineering and architecture, said in a statement to Granthshala Business. develop quickly.” .
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Christic said. are not a threat to the overwhelming majority of our users.”
Citizen Lab accused NSO of “selling technology to governments that would recklessly use the technology in violation of international human rights law.”
“Autocratic governments” are willing to pay “large sums” of hacks to their critics, Citizen Lab said, adding that “spyware companies hire enough resources to identify software vulnerabilities on widely used applications.” and then packages those exploits to eager government customers, creating a highly lucrative but widely abused commercial surveillance marketplace.”
What data do Apple and Google collect on you
Similar allegations were made in a July report by Amnesty International.
“NSO Group claims its Pegasus spyware is only used for ‘terrorism and crime investigation’ and ‘leaves no trace.’ This forensic methodology report shows that none of these statements are true.” Amnesty International said.
A July report in the Washington Post said NSO’s “military-grade spyware” was used to hack the smartphones of journalists, human rights activists, business executives and “two women close to the murder of Saudi journalist Jamal Khashoggi”. had gone.
The phones were on a list of more than 50,000 numbers that are “concentrated” in countries that engage in civilian surveillance and are known to be customers of the NSO Group, the report said.
NSO states on its website that it develops “best-in-class technology to help government agencies detect and prevent terrorism and crime”.
Get Granthshala Business on the go by clicking here
“Our regular adversaries have no real solution to the security challenges of the 21st century. Their self-inflicted and misguided campaign is a boon to terrorists, criminals and pedophiles,” NSO Group said in a statement sent to Granthshala Business.
“In the meantime, the NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime,” NSO said.