
Google researchers reveal NSO's Apple iPhone "zero click" attack

IT House, December 18: Google recently published details of an exploit developed by the Israeli cyber company NSO Group that allows users of its Pegasus spyware to break into an iPhone and install the spyware. The exploit relies on a "zero-click" vulnerability, meaning that the target does not even need to click on a link.

Last month, the Commerce Department added NSO Group to its "entity list" and barred it from entering the U.S. market after evidence that it provided spyware to foreign governments that was used to attack government officials, journalists, businessmen, activists, academics and embassy staff. In late November, Apple filed for a permanent injunction banning NSO Group from using any of its software, services, or devices.

With the help of the Citizen Lab at the University of Toronto in Canada, members of Google's Project Zero security team unraveled the technical details of the exploit, calling it "one of the most technically sophisticated exploits we've ever seen." Project Zero team members Ian Beer and Samuel Groß described NSO's exploit as "incredible" and "terrifying."

The attacker sends a specially crafted iMessage to the target's iPhone that contains a fake animated GIF. Because of the way Apple's software processes these images, it is possible for NSO Group to create a malicious file that impersonates an image and takes advantage of an old piece of software for encoding and decoding images. This software was originally designed to compress text-heavy PDFs to save memory space. It is only meant to access a specific part of the smartphone's memory and perform logical operations to compress the image.

But NSO Group found a way to break out of that allocated piece of memory and use these logical operations to build a rudimentary virtual computer, completely independent of the iPhone's operating system. The virtual computer can then be used to search for specific data, manipulate it, or pass it back to the person who approved the attack.

Alan Woodward of the University of Surrey in the UK says the technology is very complex: "It's almost like a phone in a phone, or an operating system in an operating system. This is pretty clever because it means it's harder to detect."

IT House learned that researchers disclosed the vulnerability to Apple, which fixed it in the September iOS 14.8 update. But Woodward warned that such insidious attacks, if carried out before the update, could theoretically persist and continue to spy on users. Some users also do not update their phones to the latest operating system, which can leave them exposed.
