NSO Group is known for offering high-profile clients hacking solutions. Pegasus, a spyware software, was used by the company to hijack cell phones, including iPhones. Since the information was made public, the US has prohibited corporations from doing business with NSO Group, and Apple has also sued the company. Google has now described how Pegasus was used to hack iPhones in a blog post. It was revealed earlier this year that the Israeli corporation NSO Group had been hired by governments to target activists, politicians, and journalists.
As explained by Google in a blog, NSO provides zero-click exploitation technologies. The hacker doesn’t send phishing messages or questionable URLs in a zero-click assault since it operates quietly in the background. Google’s Project Zero team that analyses and researches cybersecurity threats, “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defence,” Pegasus’ initial access point on iPhones, according to Google, is iMessage. An attacker can target a victim if they have an AppleID username or phone number.
As explained by Google, “Using this “fake gif” trick, over 20 image codecs are suddenly part of the iMessage zero-click attack surface, including some very obscure and complex formats, remotely exposing probably hundreds of thousands of lines of code.” however it isn’t a GIF file because the filename ends in.gif.
But the victim would receive a GIF file instead.
According to Google, Apple will release iOS 15 in September 2021, which would totally eliminate the GIF code path that may lead to such assaults.
Bandwidth and storage are no longer major concerns. Compression methods, on the other hand, were popular in the 1990s and continue to be popular now. According to Google, an image codec known as JBIG2 was employed in the 1990s to compress images with just black or white pixels.
Many PDF files from a few years back presumably had a JBIG2 stream. Many obsolete algorithms are still in use and are abused in attacks like Pegasus.“This is on par with serious nation-state capabilities,” he says. “It’s really sophisticated stuff, and when it’s wielded by an all-gas, no-brakes autocrat, it’s totally terrifying. And it just makes you wonder what else is out there being used right now that is just waiting to be discovered. If this is the kind of threat civil society is facing, it is truly an emergency.” Ian Beer and Samuel Groß of Project Zero told Wired that the hacking is on par with elite national-level surveillance.