Recently discovered zero-click iPhone exploit used in NSO spyware attacks

Citizen Lab’s digital threat researchers have discovered a new zero-click iMessage exploit used to install NSO Group spyware on the iPhones of Catalan politicians, journalists and activists.

The previously unknown zero-click iOS security flaw, named HOMAGE, affects some versions prior to iOS 13.2 (the latest stable version of iOS is 15.4).

It was used in a campaign targeting at least 65 people with NSO’s Pegasus spyware between 2017 and 2020, as well as the Kismet iMessage exploit and a WhatsApp crash.

Among the victims of these attacks, Citizen Lab cited Catalan Members of the European Parliament (MEPs), all Catalan presidents since 2010, as well as MEPs, lawyers, journalists and members of Catalan civil society organizations and their families.

“Among the Catalan targets, we have not seen any instance of the HOMAGE exploit used against a device with an iOS version higher than 13.1.3. The exploit could have been patched in iOS 13.2,” Citizen Lab said.

“We are not aware of any zero-day and zero-click exploits deployed against Catalan targets after iOS 13.1.3 and before iOS 13.5.1.”

The university research lab has reported the flaw to Apple, provided the forensic artifacts needed to investigate it, and says there is no evidence that Apple customers using the latest versions of iOS are at risk of HOMAGE attacks.

“Citizen Lab does not conclusively attribute these hacking operations to any particular government at this time, but a range of circumstantial evidence points to a close connection with one or more Spanish government entities,” Citizen Lab added.

The European Commission, the British government, Finnish diplomats and the US State Department are also targets

As reported by Reuters, NSO spyware was also used in attacks on senior European Commission officials last year, including the EU justice commissioner.

According to Citizen Lab director Ron Deibert, Citizen Lab has also reported several suspected Pegasus spyware infections on official UK government networks.

A suspected infection on a device belonging to an official in the Prime Minister’s Office was linked to Pegasus operators associated with the United Arab Emirates, while attacks related to the UK’s Foreign and Commonwealth Office were linked to the United Arab Emirates, India, Cyprus and Jordan.

The Finnish Foreign Ministry said in January that the devices of Finnish diplomats had become infected with the NSO Group’s Pegasus spyware after US State Department employees also discovered that their iPhones had been hacked to install the same spyware.

The European Parliament is setting up a commission of inquiry (which will hold its first meeting on 19 April) to investigate breaches of EU law arising from the use of NSO Pegasus and equivalent spyware.

Pegasus, spyware developed by Israeli surveillance firm NSO Group, is marketed as surveillance software licensed to governments around the world to “investigate crime and terrorism.”

“Spyware secretly penetrates mobile phones (and other devices) and is able to read texts, listen to calls, collect passwords, track locations, access the target device’s microphone and camera, and collect information from applications,” Citizen Lab explained.

“Encrypted calls and chats can also be monitored. The technology can even maintain access to victims’ cloud accounts after the infection is cleared.”
