With a simple message, NSO managed to hack the iPhone.
Project Zero is a Google team responsible for finding software bugs and reporting them to each brand so they can fix them. Apple pays a lot of money to find these kinds of flaws, and now the Google team has released a full report on How NSO hacks iPhones by sending messages.
Apple recently sued NSO Group for its Pegasus spyware, and now we know how they managed to run it on their victims’ iPhones. Of course, they took advantage of a vulnerability that Apple fixed on September 13, 2021 with the launch of iOS 14.8.
Based on our research and findings, we consider this to be one of the most technically sophisticated exploits we’ve seen.
Hack iPhone with a simple message
The main entry point for Pegasus on iPhone is iMessage. This means that victim can only be attacked by knowing their phone number or Apple ID. But it can be easy for attackers to find out.
The message NSO sent to spy
In the message intended to hack iPhone, it might contain a malicious link by which some data was obtained from the device. But NSO also found a different way to do it without sending an external link.
in this new type of messages a hidden PDF is sent as a GIF. Thanks to a vulnerability in iMessage’s native GIF support, this message worked without the user having to interact. the feat it just worked in the background without us being able to do anything.
Fortunately, Apple fixed this bug months ago with an iOS update. Also, since the arrival of iOS 15, Apple has completely changed the way GIFs are read in iMessage.
Related topics: iPhone
Subscribe to Disney + for only $ 8.99!
