Spyware from Israeli cyber intelligence specialist NSO Group is once again in the headlines after a warning from researchers at digital watchdog group Citizen Lab.

Citizen Lab in its advisory said that “last week, while checking the device of an individual employed by a Washington DC-based civil society organisation with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.”

It did not name the victim, but the good news is that Apple has responded very quickly and has just issued an update for Apple products including iPhones, iPads, Mac computers, and Apple Watches. Citizen Lab said it encourages all Apple users to immediately update their devices.

BLASTPASS Exploit

Canadian internet watchdog Citizen Lab said it is labelling the actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware as the BLASTPASS Exploit Chain.

The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.

What made this exploit chain so concerning was that it was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

Citizen Lab said it immediately disclosed its findings to Apple and assisted in their investigation.

The iPhone maker then issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061).

Citizen Lab at the University of Toronto said it expects to publish a more detailed discussion of the exploit chain in the future, but in the meantime it urged everyone “to immediately update their devices.”

“We encourage everyone who may face increased risk because of who they are or what they do to enable Lockdown Mode,” said Citizen Lab. “We believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.”

“We commend Apple for their rapid investigative response and patch cycle, and we acknowledge the victim and their organisation for their collaboration and assistance,” it concluded.

Meanwhile, an NSO spokesperson told Reuters it did not have any immediate comment on the Citizen Lab research.

Infamous firm

NSO Group and its Pegasus spyware became notorious within cybersecurity circles in recent years, despite the firm insisting it only sold its technology to authorised governments and law enforcement to help them combat terror and crime.

Matters began going downhill for NSO when Facebook’s WhatsApp sued NSO in October 2019, alleging NSO was behind the cyberattack that infected WhatsApp users with advanced surveillance hacks in May 2019.

Matters became even more serious in December 2020, after a report by Citizen Lab alleged that dozens of Al Jazeera journalists had been hacked with the help of Pegasus, by exploiting a vulnerability in the iPhone operating system.

Worse was to come in July 2021, when the Pegasus Project (a collaboration of more than 80 journalists and media organisations) alleged that NSO’s Pegasus had been used “to facilitate human rights violations around the world on a massive scale.”

It allegedly uncovered evidence that the phone numbers for 14 heads of state, including French President Emmanuel Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as 600 government officials and politicians from 34 countries, had appeared in a leaked database at the heart of the investigative project.

In September 2021 the investigative website Mediapart alleged that traces of Pegasus spyware had even been found on the mobile phones of at least five current French cabinet ministers – deepening the diplomatic fallout.

In April 2022, it was alleged that the UAE may have used NSO Pegasus spyware on Downing Street and Foreign Office computer systems.

US blacklisting

During this time, in November 2021, NSO was blacklisted by the US Department of Commerce.

Being placed on the US Entity List means that exports to NSO Group from US companies have been restricted.

Apple also sued NSO in November 2021, alleging NSO engaged in surveillance and targeting of iPhone users in the US.

In December 2021 NSO reportedly said it was exploring its strategic options, which included shutting the Pegasus unit or selling the entire company.

Then in June 2022 it was reported that US defence contractor L3Harris was in talks to take over NSO Group’s Pegasus surveillance technology. But that deal would have faced significant challenges, not least of which would be the approval from the US and Israeli governments.

In August 2022 NSO’s CEO stepped down in a reorganisation that saw the Israeli firm refocus to only sell to countries within the NATO alliance.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
