Report: active zero-click iMessage exploit in the wild targeting iPhones running the latest software, used against activists and journalists


9to5Mac 19 July, 2021 - 03:21am

An explosive report from Amnesty International interprets device logs to reveal the scope of targeted malware attacks against Android and iPhone devices, in active use since July 2014 and as recently as July 2021. Exploited devices can secretly transmit messages and photos stored on the phone, record phone calls, and secretly record from the microphone. The attack is sold by Israeli firm NSO Group as ‘Pegasus’.

Whilst the company claims to sell the spyware only for legitimate counterterrorism purposes, the report indicates it has actually been used to target human rights activists, lawyers and journalists around the world (as many have long suspected).

Perhaps most alarming for iPhone users, the findings show that there are active exploits against iPhones running the latest iOS 14.6 software, including ones that take advantage of a zero-click vulnerability in iMessage that can install the spyware without any user interaction.

Over the last few years, the Pegasus software has adapted as Apple fixed security bugs with iOS. However, each time, NSO Group has been able to find alternative security bugs to use instead. The lengthy report details several different variants of Pegasus that have been used in the wild.

The records indicate that, in 2019, a bug in Apple Photos allowed malicious actors to gain control of an iPhone, perhaps via the iCloud Photo Stream service. After the exploit installs itself, crash reporting is disabled, likely to prevent Apple from discovering the exploit too quickly by looking at submitted crash report logs.

Also in 2019, Amnesty says that an iMessage zero-click 0-day was widely used. It appears the hackers create special iCloud accounts to help deliver the infections. In 2020, Amnesty found evidence to suggest that the Apple Music app was now being used as an attack vector.

And fast forwarding to the present day, Amnesty believes Pegasus spyware is currently being delivered using a zero-click iMessage exploit that works against iPhone and iPad devices running iOS 14.6. The exploit also appeared to successfully work against iPhones running iOS 14.3 and iOS 14.4.

Apple significantly rewrote the internal framework that handles iMessage payloads as part of iOS 14, adding a new BlastDoor subsystem; clearly, however, that has not fazed the intruders. It remains unknown whether iOS 14.7, which will be released to the public this week, or iOS 15, currently in developer beta, is susceptible to the same zero-click exploit. Perhaps scarier still is the fact that NSO Group seems more than able to find and deploy new exploits as soon as Apple patches the current holes, as shown by the five-year history of evolving attack vectors reported by Amnesty.

Check out the Amnesty International post for a full detailed breakdown of all the evidence they have published.


Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac.


Pegasus report: Attempt to malign Indian democracy, says IT Minister Vaishnaw in Lok Sabha

The Tribune India 19 July, 2021 - 05:18pm


Union IT Minister Ashwini Vaishnaw speaks in the Lok Sabha in New Delhi, on July 19, 2021. — LSTV/PTI

IT and Communications Minister Ashwini Vaishnaw on Monday dismissed media reports on the use of Pegasus software to snoop on Indians, saying the allegations levelled just ahead of the monsoon session of Parliament are aimed at maligning Indian democracy.

In a suo motu statement in the Lok Sabha, Vaishnaw said that with several checks and balances being in place, “any sort of illegal surveillance” by unauthorised persons is not possible in India.

The statement assumes significance in the backdrop of Opposition parties creating a ruckus over the issue in both the Houses of Parliament on the first day of the monsoon session.

The Minister made this statement in response to media reports that spyware Pegasus was being used to conduct surveillance on several Indians, including political leaders, government officials and journalists.

“A highly sensational story was published by a web portal yesterday night.... The press report appeared a day before the monsoon session of the Parliament.

“This cannot be a coincidence. In the past similar claims were made regarding the use of Pegasus on WhatsApp. Those reports have no factual basis and were categorically denied by all parties.... The press report of July 18, 2021, also appeared to be an attempt to malign the Indian democracy and a well-established institution,” the Minister said.

More than 300 verified mobile phone numbers, including of two serving ministers, over 40 journalists, three Opposition leaders and one sitting judge besides scores of business persons and activists in India could have been targeted for hacking through an Israeli spyware sold only to government agencies, an international media consortium reported on Sunday.

The government, however, had dismissed allegations of any kind of surveillance on its part on specific people, saying it “has no concrete basis or truth associated with it whatsoever”. PTI


Orban Government Remains Silent about ‘Hungary’s Watergate’

Balkan Insight 19 July, 2021 - 08:07am

An international investigation by 17 media organisations found that the Hungarian government was among those who acquired the controversial spy software Pegasus from Israeli surveillance company NSO and used it to target a range of journalists, businessmen and activists. They included two journalists who worked for investigative news site Direkt36, known for its stories exposing high-level corruption and the Hungarian government’s deepening relationships with China and Russia.

In response to the revelations, Hungary’s journalist association demanded an immediate explanation from the Fidesz government. And Janos Stummer, of the formerly radical right Jobbik party and current chairman of the parliamentary committee on national security, described the scandal as Hungary’s Watergate.

“If Fidesz remains silent, it means they admit it,” Stummer said, while calling for an extraordinary parliamentary committee to investigate the case.

Szabolcs Panyi, one of the journalists targeted (and a BIRN commentator), published a long story on Telex.hu, writing that the Hungarian government has been a client of NSO since 2018. NSO is licensed to sell its spyware only with the express permission of the Israeli Defence Ministry and the program can purportedly only be used to fight criminals or terrorism.

The spyware reportedly began being used in Hungary after high-level talks between Hungarian and Israeli government officials. The head of Hungary’s intelligence services and key Orban ally Jozsef Czukor – currently Hungary’s ambassador to Switzerland – was even welcomed by Israeli Prime Minister Benjamin Netanyahu, which is an unusual gesture in diplomatic circles unless something particularly important is on the agenda.

Another person reportedly targeted by the spyware was entrepreneur Zoltan Varga, one of the richest media moguls in Hungary and owner of Central Media Group, which publishes the government-critical news site 24.hu.

According to the reports, Varga organised a dinner in June 2018, two months after the last election, for fellow businessmen, most of whom were critical of Viktor Orban’s government. Two weeks after the dinner, a former employee with close ties to the government called Varga to warn him: “I know you hosted this dinner, it is really dangerous and you should not do things like that.”

Amnesty International, which helped in the research for the collaborative investigation run by the French nonprofit journalistic organisation Forbidden Stories, says forensic analysis of the phones points to at least one of the invited guests having had his phone infected by Pegasus by the time of the dinner. The spyware can activate the microphone on mobile phones and record complete discussions.

Varga told Direkt36 that he has been aware of being under surveillance for some time: cars are parked in front of his house with people inside doing apparently nothing, his phone conversations were abruptly cut short and he has even listened back to some of his own words. About the dinner, he said: “It was a friendly conversation – not a coup d’état.”

The phones of Szabolcs Panyi and Andras Szabo from Direkt36 were hacked several times in 2019, when they travelled to the US and worked on stories about US-Hungarian and US-Israeli relations, or the relocation of the Russia-funded International Investment Bank to Budapest.

Both journalists believed they were communicating through secure channels when organizing interviews or talking to sources, yet Pegasus managed to penetrate their phones by exploiting a deficiency in the iMessage function.

Surveillance in Hungary is regulated in a rather lax manner, experts say. “In most countries, there are either strict rules about whom the state can monitor and when, or there is a strong legal control over how the secret services can work. Neither of those applies to Hungary,” Daniel Mate Szabo, from Hungary’s Civil Liberties Union, told Direkt36.

Previously, another news site, 168ora.hu, revealed that Minister of Justice Judit Varga authorised “the collection of secret data for national security purposes” as many as 500 times in the first three and a half months of 2021. This amounts to five permits a day and underlines how extremely active the intelligence services are in Hungary. Since 2015, the number of surveillance permits has constantly been on the rise.

When asked about Pegasus and its use against journalists, Hungary’s government responded by saying: “Hungary is a democratic state governed by the rule of law, and as such, when it comes to any individual it has always acted and continues to act in accordance with the law in force. In Hungary, state bodies authorised to use covert instruments are regularly monitored by governmental and non-governmental institutions.”

In an earlier interview with Le Monde, Justice Minister Varga said it was a “provocation” to ask whether she would authorise the surveillance of a journalist, but said “there are so many dangers to the state everywhere”. Later, she requested the removal of the question and the answer.

Hungary’s government media have so far not reported on the spyware scandal.
