Zero-click iPhone exploit abused to launch NSO spyware attacks

(Image credit: Future)

Catalan politicians have reportedly been targeted by a new form of mobile security threat that attacks iOS devices. 

Cybersecurity researchers at Citizen Lab discovered a new zero-click exploit in iMessage - iPhone’s native texting app. The new exploit was allegedly used to install Pegasus, known spyware from the dreaded NSO Group.

Although the team say they can’t know with absolute certainty, they believe that individuals from Spain were behind the attack, with Catalonia, a region in the north east of the country, seeks to gain its independence from the Spanish crown. 

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

NSO Group strikes again

NSO Group is an Israeli tech startup known for selling malware and spyware to governments around the world. It has frequently been criticized for its role in the abuse of human rights, especially against politicians, journalists and civil rights activists.

This time around, it appears Pegasus was installed on endpoints belonging to Catalan Members of the European Parliament (MEPs), every Catalan president since 2010, as well as Catalan “legislators, jurists, journalists, and members of civil society organizations and their families”.

The newly discovered zero-day has been dubbed HOMAGE, and is reportedly only found on iPhone devices running iOS 13.2 or earlier.

"Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.

"We are not aware of any zero-day, zero-click exploits deployed against Catalan targets following iOS 13.1.3 and before iOS 13.5.1."

The researchers don’t know who’s behind the attack, but suspect individuals from the Spanish government. 

"At this time the Citizen Lab is not conclusively attributing these hacking operations to a particular government, however a range of circumstantial evidence points to a strong nexus with one or more entities within Spanish government," Citizen Lab added.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.