Apple on Monday released a fix for a bug that could allow the spyware at the heart of the Pegasus scandal to infect devices without users even clicking on a malicious message or link.
The Pegasus software of the Israeli firm NSO Group has been under severe scrutiny since an international media investigation claimed that it was used to spy on the phones of human rights workers, journalists and even heads of state.
Researchers at Citizen Lab, a Canadian cybersecurity watchdog organization, analyzed the phone of a Saudi worker and found that it had been compromised with the code.
Citizen Lab wrote in a post, “We have determined that the rental spyware company NSO Group used the threat to exploit and infect Apple’s latest devices remotely with Pegasus spyware.”
In March, Citizen Lab inspected the worker’s phone and determined that it had been hacked with Pegasus spyware via iMessage texting, and that the phone’s user did not need to click on anything.
A few hours after the fix was issued, Apple said it had developed a “rapid” update after Citizen Lab discovered the problem.
The company said, “As mentioned, these attacks are extremely sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals.”
NSO did not dispute that Pegasus had prompted the immediate software upgrade, and said in a statement that it would continue to provide technology to “work with intelligence and law enforcement agencies around the world to save lives in the fight against terrorism and crime.”
No click required.
Pegasus has become more efficient since it was exposed five years ago by Citizen Lab and cybersecurity firm Lookout.
According to Hank Schless, senior manager at Lookout, Pegasus can be deployed as a “zero-click exploit”, meaning that the spyware can install itself without the victim even clicking on a booby-trapped link or file.
“Many apps will automatically create a link preview or cache to improve the user experience,” Schless said.
“Pegasus takes advantage of this functionality to quietly affect the device.”
UN experts have recently called for an international ban on the sale of surveillance technology until laws are enacted to protect human rights in the wake of the Israeli spyware scandal.
In July, an international media investigation reported that several governments used Pegasus malware, created by NSO Group, to spy on activists, journalists and politicians.
Pegasus can turn on the phone’s camera or microphone and retrieve its data.
“Allowing surveillance technology and the commercial sector to operate as a human rights-free zone is extremely dangerous and irresponsible,” UN human rights experts said in a statement at the time.
The statement was signed by three special rights representatives and a working group on human rights and international corporations and other businesses.
Israel’s defense establishment has set up a committee to review NSO’s business, including the process by which export licenses are issued.
NSO insists its software has only been used to fight terrorism and other crimes, and says it exports to 45 countries.