'Pegasus' in the headlines again: Apple issues emergency update because of security breach
Researchers from the Citizen Lab organization uncovered a security breach that enables installation of the spyware of Israel's NSO without the owners of the devices having to click on a link – a version of "Pegasus" that is more advanced than the previous ones
Cybertech
| 18/09/2021
REUTERS/Eduardo Munoz
The NSO company is in the headlines again. On Monday, Apple released an emergency update for patching a critical vulnerability in all of its devices (iPhones, iPads, Mac computers and Apple Watches) after researchers from the Citizen Lab organization at the University of Toronto uncovered a security breach that enables the installation of "Pegasus" spyware, the flagship product of the Israeli company, without the owners of the devices being requested to click on a link or take any other action – a version of Pegasus that is more advanced than the previous ones. The software takes over the device by sending a message on the Apple messaging app, and then penetrating the device using a vulnerability in the way that the device processes images.
"Apple is aware of a report that this issue may have been actively exploited," Apple said in a statement on the emergency update. The New York Times reported that Apple’s security team worked around the clock to develop a fix since Tuesday of last week, after researchers discovered that an anonymous Saudi activist's iPhone had been infected with an advanced version of the software, following a check since March. The newspaper said the "zero click remote exploit" is considered "the Holy Grail of surveillance" because it allows governments, mercenaries and criminals to break into someone's device without raising the victim's suspicion.
The Pegasus software "can do everything an iPhone user can do on their device and more," said John Scott-Railton, a private researcher at Citizen Lab and member of the team that discovered the vulnerability, in a comment to the New York Times. Among other things, the software can turn on a user's camera and microphone, as well as record messages, emails and messages (even encrypted ones) and send them back to NSO's clients around the world. Citizen Lab said that it believes that the exploit, which it calls FORCEDENTRY, has been active since at least February, and urged all Apple customers to immediately update their devices. In a statement it released, Citizen Lab provided the technical details and the course of events that enabled it to reach its conclusions.
"Despite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking," Citizen Lab's statement said. "Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here."
NSO did not respond to the international media's requests for comment. In July, a statement titled "ENOUGH IS ENOUGH!" was posted on the company's website after publication of the details of "Project Pegasus" by leading international media organizations. In the statement, the company said that the list of names that was published "is not a list of targets or potential targets of Pegasus. The numbers in the list are not related to NSO group." It also said that it "will continue its mission of saving lives, helping governments around the world prevent terror attacks, break up pedophilia, sex, and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones."
Researchers from the Citizen Lab organization uncovered a security breach that enables installation of the spyware of Israel's NSO without the owners of the devices having to click on a link – a version of "Pegasus" that is more advanced than the previous ones
REUTERS/Eduardo Munoz
The NSO company is in the headlines again. On Monday, Apple released an emergency update for patching a critical vulnerability in all of its devices (iPhones, iPads, Mac computers and Apple Watches) after researchers from the Citizen Lab organization at the University of Toronto uncovered a security breach that enables the installation of "Pegasus" spyware, the flagship product of the Israeli company, without the owners of the devices being requested to click on a link or take any other action – a version of Pegasus that is more advanced than the previous ones. The software takes over the device by sending a message on the Apple messaging app, and then penetrating the device using a vulnerability in the way that the device processes images.
"Apple is aware of a report that this issue may have been actively exploited," Apple said in a statement on the emergency update. The New York Times reported that Apple’s security team worked around the clock to develop a fix since Tuesday of last week, after researchers discovered that an anonymous Saudi activist's iPhone had been infected with an advanced version of the software, following a check since March. The newspaper said the "zero click remote exploit" is considered "the Holy Grail of surveillance" because it allows governments, mercenaries and criminals to break into someone's device without raising the victim's suspicion.
The Pegasus software "can do everything an iPhone user can do on their device and more," said John Scott-Railton, a private researcher at Citizen Lab and member of the team that discovered the vulnerability, in a comment to the New York Times. Among other things, the software can turn on a user's camera and microphone, as well as record messages, emails and messages (even encrypted ones) and send them back to NSO's clients around the world. Citizen Lab said that it believes that the exploit, which it calls FORCEDENTRY, has been active since at least February, and urged all Apple customers to immediately update their devices. In a statement it released, Citizen Lab provided the technical details and the course of events that enabled it to reach its conclusions.
"Despite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking," Citizen Lab's statement said. "Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here."
NSO did not respond to the international media's requests for comment. In July, a statement titled "ENOUGH IS ENOUGH!" was posted on the company's website after publication of the details of "Project Pegasus" by leading international media organizations. In the statement, the company said that the list of names that was published "is not a list of targets or potential targets of Pegasus. The numbers in the list are not related to NSO group." It also said that it "will continue its mission of saving lives, helping governments around the world prevent terror attacks, break up pedophilia, sex, and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones."
