New NSO Group Related Zero-Click Exploit Detected


In a new report, researchers at the Citizen Lab (Munk School, University of Toronto) describe a previously unknown iOS vulnerability that can be exploited without any interaction from the victim. According to the report, the exploit has been used since February 2021 in attacks on several activists and dissidents from Bahrain.


Experts have linked the new exploit to the Israeli commercial spyware maker NSO Group, which has been regularly mentioned in the media lately in connection with the surveillance of activists and journalists.


FORCEDENTRY is one of several exploits used to infect devices with NSO Group's Pegasus spyware. Citizen Lab found it in a broader hacking campaign in which at least nine Bahraini activists had their iPhones compromised with Pegasus between June 2020 and February 2021.


“At least four activists were attacked by LULU, a Pegasus operator that can be traced with great certainty to the government of Bahrain, known for its spyware abuse,” the report said.


FORCEDENTRY was not the only exploit used in this campaign. The attacks unfolded in three phases, and FORCEDENTRY appears to have been developed earlier this year specifically to get around the new protections Apple introduced in iOS 14.


Technical details of the iMessage vulnerability exploited by FORCEDENTRY have not been disclosed, mainly because it has not yet been patched. What is known so far:


FORCEDENTRY is a zero-click exploit: an iPhone is infected simply by receiving a malicious iMessage from the attacker. The victim does not need to tap a link in the message or even open it;


FORCEDENTRY bypasses BlastDoor, a security mechanism Apple quietly added in iOS 14 last year. BlastDoor parses untrusted iMessage content inside a tightly sandboxed service, so that malformed or malicious data arriving in a message cannot interact directly with the rest of the OS;


FORCEDENTRY was observed in attacks against iOS 14.4 and 14.6, and the researchers believe it also works against the iOS releases current at the time of the report;


FORCEDENTRY has also been used in attacks against users in France and India.
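The isolation that BlastDoor applies to message parsing is a broker/worker pattern: the untrusted bytes are decoded in a separate, resource-limited process, and the privileged side only ever sees a small, validated result. The block below is an added example of that pattern and is not Apple's code or anything from the Citizen Lab report. It uses a constructed attachment container (`MAGIC`, `LINK` chunks), a deliberately naive `parse_attachment` that follows attacker-controlled offsets the way real decoders have done, and a broker `scan_in_sandbox` that runs it in a forked child with a CPU limit and a timeout; all names and sample messages are this example's own.

```python
"""Broker/worker isolation for untrusted message attachments (constructed example)."""
import multiprocessing
import os
import resource
import struct
from collections import Counter

MAGIC = b"ATT1"            # constructed container format, not a real iMessage format
WORKER_CPU_SECONDS = 2     # hard CPU budget for the parsing worker
WORKER_TIMEOUT = 1.0       # wall-clock time the broker is willing to wait


def parse_attachment(blob: bytes) -> dict:
    """Deliberately naive chunk parser. A LINK chunk carries the offset of the
    next chunk, which is followed with no bounds or cycle check: the kind of
    pointer-following bug that a sandbox is meant to contain."""
    if blob[:4] != MAGIC:
        raise ValueError("bad magic")
    counts: Counter = Counter()
    payload_bytes = 0
    pos = 4
    while pos < len(blob):
        ctype = blob[pos:pos + 4]
        (length,) = struct.unpack_from(">I", blob, pos + 4)
        payload = blob[pos + 8:pos + 8 + length]
        if len(payload) != length:
            raise ValueError("truncated chunk")
        counts[ctype.decode("ascii")] += 1
        payload_bytes += length
        if ctype == b"LINK":
            (pos,) = struct.unpack_from(">I", payload)  # attacker-controlled offset
        else:
            pos += 8 + length
    return {"chunks": dict(counts), "payload_bytes": payload_bytes}


def _sandboxed_parse(blob: bytes, conn) -> None:
    """Child side: cap CPU time, parse, send exactly one result record, exit."""
    _soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
    budget = WORKER_CPU_SECONDS if hard == resource.RLIM_INFINITY else min(WORKER_CPU_SECONDS, hard)
    resource.setrlimit(resource.RLIMIT_CPU, (budget, hard))
    try:
        meta = parse_attachment(blob)
        conn.send({"ok": True, "chunks": meta["chunks"], "payload_bytes": meta["payload_bytes"]})
    except Exception as exc:  # parser failures stay inside the worker
        conn.send({"ok": False, "error": type(exc).__name__})
    finally:
        conn.close()
        os._exit(0)


def _validate(msg) -> dict:
    """Narrow IPC: accept only the exact record shape the worker may return."""
    if not isinstance(msg, dict):
        return {"verdict": "rejected", "reason": "no result from worker"}
    chunks = msg.get("chunks")
    if (msg.get("ok") is True and isinstance(chunks, dict)
            and isinstance(msg.get("payload_bytes"), int)
            and all(isinstance(k, str) and isinstance(v, int) for k, v in chunks.items())):
        return {"verdict": "accepted", "chunks": chunks, "payload_bytes": msg["payload_bytes"]}
    if msg.get("ok") is False and isinstance(msg.get("error"), str):
        return {"verdict": "rejected", "reason": "parser error: " + msg["error"]}
    return {"verdict": "rejected", "reason": "malformed worker result"}


def scan_in_sandbox(blob: bytes, timeout: float = WORKER_TIMEOUT) -> dict:
    """Broker side: parse `blob` in an isolated child and return a verdict.
    A hang, crash or exception in the worker never reaches the caller."""
    ctx = multiprocessing.get_context("fork")
    reader, writer = ctx.Pipe(duplex=False)
    worker = ctx.Process(target=_sandboxed_parse, args=(blob, writer))
    worker.start()
    writer.close()  # only the child keeps the write end, so EOF means the child is gone
    msg = None
    try:
        if reader.poll(timeout):
            msg = reader.recv()
    except EOFError:  # child died before sending anything
        msg = None
    finally:
        if worker.is_alive():
            worker.kill()  # SIGKILL: a hung worker cannot refuse
        worker.join()
        reader.close()
    return _validate(msg)


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    return ctype + struct.pack(">I", len(payload)) + payload


# Constructed sample messages, not real captures.
BENIGN = MAGIC + _chunk(b"META", b"jpeg") + _chunk(b"DATA", b"\xff\xd8" + b"\x00" * 16)
# A LINK at offset 4 whose target is offset 4: the naive parser loops forever.
LOOPING = MAGIC + _chunk(b"LINK", struct.pack(">I", 4))
# A LINK whose target leaves only two bytes of header: the parser raises struct.error.
TRUNCATED = MAGIC + _chunk(b"LINK", struct.pack(">I", 14))

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("looping", LOOPING), ("truncated", TRUNCATED)):
        print(name, scan_in_sandbox(blob))
```

Run in-process, `parse_attachment(LOOPING)` would hang the caller; through the broker the same input is killed after the timeout and reported as rejected, and the truncated message comes back as a parser error rather than an exception in the privileged process. The limits of the pattern are the point of the article: isolation bounds what a decoder bug can reach, but an exploit that breaks out of the sandbox, as FORCEDENTRY does with BlastDoor, is outside what this containment can stop.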
