How to Fix iPhone Spyware from Israeli NSO Group?


Apple has released a patch to fix the infamous zero-click iPhone spyware by Israel following reports of a major security flaw. All iPhone users are urged to update their devices to the latest patch (iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2) as soon as they can. The spyware is likely to be active and is capable of intercepting calls, stealing users’ passwords and data, and accessing cameras and microphones. If the security flaw is not fixed in time, it leaves the user’s device vulnerable to spyware attacks.

According to reports, a team of researchers at the University of Toronto’s Citizen Lab discovered the exploit while analyzing a Saudi activist’s phone infected with Pegasus spyware. They reported that this security problem can let any hacker access the device through the iMessage service even if the user does not click anything. This means that victims would not be able to tell that they were being hacked. The Citizen Lab researchers referred to the exploit as FORCEDENTRY and attributed it to Israel’s mercenary surveillance company, NSO Group.

How does iPhone Spyware connect to NSO Group?

Reportedly, the government clients of NSO Group have been using the zero-click security flaw to secretly access Apple devices since February 2021. At that time Apple made changes to its systems in iOS 14.5 which were supposed to make it harder for hackers to control an iPhone through the zero-click exploit. Yet, the researchers were able to find it in March 2021 on an activist’s phone. They attributed the hack to NSO Group because it exhibited behavior similar to that of Pegasus spyware. According to the reports, the FORCEDENTRY exploit showed a bug called CASCADEFAIL, which failed to completely delete the evidence of the hack from the DataUsage.sqlite file.

CASCADEFAIL deletes the entry from the file’s ZPROCESS table but not from the ZLIVEUSAGE table. The team said that they had only seen such incomplete deletion with NSO’s Pegasus. Moreover, the iPhone spyware installed on the Saudi activist’s device through the zero-click exploit used multiple process names. One of these names was ‘setframed’, which previously appeared in a Pegasus attack on an Al Jazeera journalist in 2020.
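The incomplete deletion described above leaves a checkable trace: usage rows whose owning process row is gone. The following is an added example, not code from Citizen Lab or from this article; the reduced schema, the column names (Z_PK, ZHASPROCESS, ZPROCNAME, ZWWANIN, ZWWANOUT) and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# The only process name the article links to Pegasus.
SUSPICIOUS_NAMES = {"setframed"}

def build_sample_db():
    """Constructed in-memory stand-in for DataUsage.sqlite (assumed, reduced schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ZPROCESS (Z_PK INTEGER PRIMARY KEY, ZPROCNAME TEXT);
        CREATE TABLE ZLIVEUSAGE (Z_PK INTEGER PRIMARY KEY, ZHASPROCESS INTEGER,
                                 ZWWANIN REAL, ZWWANOUT REAL);
        INSERT INTO ZPROCESS VALUES (1, 'mDNSResponder'), (2, 'apsd'), (4, 'setframed');
        -- Process 3 was removed from ZPROCESS, but its usage row was left behind.
        INSERT INTO ZLIVEUSAGE VALUES (10, 1, 512, 128), (11, 2, 2048, 640),
                                      (12, 3, 90112, 4096), (13, 4, 1024, 256);
    """)
    return db

def find_orphaned_usage(db):
    """Return ZLIVEUSAGE rows whose referenced ZPROCESS row no longer exists."""
    rows = db.execute("""
        SELECT u.Z_PK, u.ZHASPROCESS
        FROM ZLIVEUSAGE u
        LEFT JOIN ZPROCESS p ON p.Z_PK = u.ZHASPROCESS
        WHERE p.Z_PK IS NULL
        ORDER BY u.Z_PK
    """)
    return rows.fetchall()

def find_named_processes(db, names=SUSPICIOUS_NAMES):
    """Return ZPROCESS rows whose name matches a known indicator."""
    rows = db.execute("SELECT Z_PK, ZPROCNAME FROM ZPROCESS ORDER BY Z_PK").fetchall()
    return [(pk, name) for pk, name in rows if name in names]

def triage(db):
    """Run both checks and collect the findings for an analyst to review."""
    return {
        "orphaned_usage": find_orphaned_usage(db),
        "named_processes": find_named_processes(db),
    }

if __name__ == "__main__":
    print(triage(build_sample_db()))
```

To run it on real data, pass `sqlite3.connect()` a copy of the DataUsage.sqlite file taken from a device backup instead of calling `build_sample_db()`.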

Israeli Surveillance Giant Responds to Media Question

When the media asked NSO Group for comment, the company maintained that its spyware was only meant for licensed usage. It said that only law enforcement agencies were allowed to target terrorists and other criminals through it. However, recent investigations revealed that Pegasus spyware was being used by government clients to target human rights activists, dissidents, and journalists worldwide. NSO issued a statement that it will continue to provide such “life-saving” technologies to government agencies.

The company neither confirmed nor denied the results of Citizen Lab’s discovery. Apple, on the other hand, stated that its security issue may have been exploited, so it rushed to release a security update. Critics, however, believed that Apple and NSO were probably in the same league, so the exploit was likely intentional. Moreover, Pegasus targets did not appear to be violent; the latest one was targeted just for being an activist.

Experts warned that updating to the new software may protect against the iPhone spyware, but NSO was the type of company that regularly looked for new methods to breach users’ devices. Most likely it would turn to something else if Apple had actually blocked FORCEDENTRY.

Questionable Reputation of Apple and NSO Group

The reports add to existing concerns about whether Apple is taking enough steps to protect its users from iPhone spyware. In 2018, tech researchers exposed another vulnerability in iOS known as Trustjacking, which exploited the iTunes Wi-Fi sync feature. It allowed the attacker to assume control of another user’s iPhone if both were connected to the same Wi-Fi network. Security experts have been criticizing Apple for lackluster protocols despite it being a huge technology company. Similarly, many security advocates have raised their voices against NSO for unapologetically helping unaccountable government agencies. In 2019, Facebook sued NSO for breaching WhatsApp and targeting high-profile users. Citizen Lab mentioned in the report that this hack was also done through a FORCEDENTRY or zero-click exploit present in iPhones.

Apple did not comment on the specifics of the issue regarding NSO Group but generally claimed that such attacks were highly sophisticated and required a large budget to carry out against specific individuals. The Head of Security at Apple also said there was no need for normal users to worry about these attacks. However, the reports highlighted that users’ devices were not safe and could be hacked by a dedicated team of hackers with cash.
