Apple updates iPhone system after Pegasus breach – 9/8/2023 – Tech

Apple released an emergency update to its system after receiving an alert that an unknown vulnerability allowed the Israeli group NSO to infect iPhones and iPads with Pegasus spyware remotely and without leaving evident traces.

The flaw in the iOS code, called zero-day, appears to have allowed NSO customers, including Saudi Arabia, Rwanda and Mexico, to hide the spy program within images sent via iMessage that would allow the Pegasus spyware to take control of security functions. a phone.

Pegasus is able to surreptitiously read encrypted messages stored on your phone, turn on your camera and microphone remotely, and seamlessly track your phone’s location. It is also linked to human rights abuses from Mexico to East Africa, resulting in the Israeli company being blacklisted by the US Department of Commerce.

The update also addresses a vulnerability that affected Apple Wallet, where people store payment cards, the company said in a brief statement late on Thursday, without providing further details, as it pushed the update to billions of phones. .

This latest update, among a few that Apple has made in recent years, continues a cat-and-mouse game between major U.S. technology companies and spyware makers, many of them based in Israel. These last companies exploit and then market unknown vulnerabilities in smartphones so that their customers — generally government agencies — can surveil thousands of targets without being detected.

The NSO said: “We cannot respond to any allegations that do not include supporting research.”

While NSO has stated that its product is only intended to monitor potential terrorists and combat organized crime, this vulnerability was discovered by the University of Toronto’s Citizen Lab, which said it found it on the phone of an employee of a “society” organization. civil” with international offices in Washington, DC.

Citizen Lab has already tracked spyware on the phones of hundreds of dissidents, journalists, lawyers and opposition leaders in countries with poor human rights records. This current breach would have been blocked if people at risk of government surveillance had enabled Block Mode on their iPhones, which severely restricts some functions, including message attachments and FaceTime calls from unknown numbers, Citizen Lab said.

“Apple has become much more aggressive in its search (for vulnerabilities) and fixes, and it has also done a remarkable job with Block Mode,” said John Scott-Railton, a senior researcher at the monitoring group. “This puts substantial pressure on the mercenary spyware ecosystem and companies like NSO.”

NSO’s inclusion on the US government’s blacklist was prompted by the discovery of Pegasus on the phones of US embassy employees in Uganda, leading to spyware like NSO’s being listed as a major counterintelligence and national security threat to the American government.

The discovery of the latest vulnerability highlights how NSO continues to find rare flaws in some of its sophisticated operating systems despite severe financial problems arising from US government sanctions.

Almost entirely staffed by veterans of the Israeli army’s elite signals intelligence units, the company was once valued at $1 billion by its London-based private equity backers, Novalpina Capital.

In 2019, however, a hack carried out by NSO to inject its spyware using a vulnerability in the WhatsApp messaging platform resulted in a lawsuit in a California court brought by WhatsApp owner Meta, along with Apple, Amazon and other giants. of technology.

In this ongoing lawsuit, NSO has argued that its actions should be immune from legal scrutiny since its software is used by sovereign nations and the company has no visibility into who the targets are.

In recent weeks, at least three other people, including a UK-based political reporter for the Daily Mail, have received notifications from Apple that their phones have been attacked by “state actors.” It is not yet clear whether these attacks originated from NSO’s systems or those of its competitors.

“These attackers are believed to be targeting you individually because of who you are or what you do,” the notification read.

_{Translation made with the aid of artificial intelligence}