Google: NSO Group has one of the most complex exploits ever seen
Google has warned that NSO Group's hackers rival elite nation-state spies. Over the years, the Israeli spyware developer NSO Group has shocked the global security community with powerful and effective hacking tools that can target Android and iOS devices.
The company's products have been abused by customers around the world, and NSO Group now faces penalties, high-profile legal action and an uncertain future.
But the new analysis of the iOS ForcedEntry exploit carries an important warning: private companies can produce hacking tools with the technical skill of the most elite government-sponsored development teams.
Google's Project Zero team analyzed the ForcedEntry vulnerability using examples provided by researchers at Citizen Lab at the University of Toronto.
Project Zero researchers found that the ForcedEntry exploit used a number of clever strategies to attack Apple's iMessage platform.
Apple released a number of fixes in September and October to fend off ForcedEntry attacks and strengthen iMessage to withstand similar attacks in the future.
But the Project Zero researchers wrote in their analysis that ForcedEntry remains one of the most technically sophisticated exploits they have seen. NSO Group has reached a level of innovation generally considered to be reserved for a small group of nation-state hackers.
The analysis states, "We haven't seen an equivalent capability developed from such a limited starting point." There is no interaction with the attacker's server, and no JavaScript or similar scripting engine is loaded.
“A lot of people in the security community think this kind of exploit is a solved problem,” he added, believing that the defenses of modern mobile devices set the bar too high for such attacks. This feat demonstrates that it is possible and can be used reliably against people.
Google: NSO Group hackers rival elite nation-state spies
After Project Zero investigated the threat of such attacks, Apple added an iMessage protection called BlastDoor to iOS 14 in 2020.
BlastDoor was intended to make zero-click (interaction-free) iMessage attacks more difficult. But NSO Group found a way around it.
ForcedEntry takes advantage of the way iMessage accepts and interprets GIF and other files to trick the platform into opening a malicious PDF, with the victim doing nothing at all.
The attack exploited a vulnerability in an old compression tool that was used to process the text in images captured by physical scanners. This allowed NSO Group customers to take full control of the iPhone.
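The passage above describes the core trick: iMessage accepted a file presented as a GIF and handed it to a parser for a different format, so the attachment's declared type said nothing about which decoder would actually run. The following is an added, constructed example written for this article (it is not Project Zero's tooling, Apple's code or NSO Group's exploit) showing the defensive principle a message-handling service can apply: sniff the real format from the leading bytes, refuse anything whose content disagrees with its claimed extension, and only ever route a file to the decoder for the format it actually is. The file signatures are the standard ones; the sample payloads are constructed stand-ins, not real exploit files.

```python
"""Attachment type check: compare what a file claims to be (its extension)
with what its leading bytes say it is, and restrict which decoders may run.

Constructed example for illustration only; not Project Zero's analysis code,
not Apple's BlastDoor, and the sample payloads are harmless stand-ins."""

from dataclasses import dataclass
from typing import Optional, Sequence

# Standard leading-byte signatures for the formats the article mentions.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Map of file extensions to the format they claim to carry.
EXT_TO_KIND = {"gif": "gif", "pdf": "pdf", "png": "png", "jpg": "jpeg", "jpeg": "jpeg"}

# Formats an image-only attachment channel is willing to decode at all.
DEFAULT_ALLOWED: Sequence[str] = ("gif", "png", "jpeg")


def sniff(data: bytes) -> Optional[str]:
    """Return the format implied by the file's leading bytes, or None."""
    for kind, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


@dataclass
class Verdict:
    claimed: Optional[str]   # format implied by the filename extension
    actual: Optional[str]    # format implied by the content
    allowed: bool            # whether the attachment may be decoded
    reason: str


def check_attachment(filename: str, data: bytes,
                     allowed: Sequence[str] = DEFAULT_ALLOWED) -> Verdict:
    """Decide whether an attachment may be passed to a decoder, and which one.

    The decision is driven by the sniffed content, never by the extension:
    a mismatch or an unrecognised/unexpected format is rejected outright."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else None
    claimed = EXT_TO_KIND.get(ext) if ext else None
    actual = sniff(data)

    if actual is None:
        return Verdict(claimed, actual, False, "unrecognised content; refusing to decode")
    if actual not in allowed:
        return Verdict(claimed, actual, False,
                       f"content is {actual}, which this channel does not decode")
    if claimed != actual:
        return Verdict(claimed, actual, False,
                       f"extension claims {claimed} but content is {actual}")
    return Verdict(claimed, actual, True, f"decode as {actual}")


# Constructed sample attachments (truncated, harmless headers only).
SAMPLES = {
    "photo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",          # genuine GIF header
    "photo2.gif": b"%PDF-1.7\n%constructed stand-in, not a real document\n",  # PDF posing as GIF
    "doc.pdf": b"%PDF-1.4\n",                                     # honest PDF, wrong channel
    "blob.gif": b"\x00\x01\x02\x03 not any known format",         # unrecognised bytes
}


def run_samples() -> dict:
    """Evaluate every constructed sample and return {filename: Verdict}."""
    return {name: check_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        status = "ALLOW " if verdict.allowed else "REJECT"
        print(f"{status} {name:12s} claimed={verdict.claimed} actual={verdict.actual}: {verdict.reason}")
```

The check is deliberately narrow: it stops the "file named one thing, parsed as another" class of routing mistake and keeps unwanted decoders out of the attachment path, but a malicious file of the correct, expected type still reaches its decoder. That is why it belongs in front of, not instead of, sandboxing the parsers themselves, which is what Apple's BlastDoor was introduced to do.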
Compression algorithms designed for photocopiers and scanners in the 1990s are still found in modern communications software, with all their flaws intact.
Many attacks require so-called command-and-control servers in order to send instructions to the malware. ForcedEntry instead builds its own virtualized environment inside the target.
Because the attack infrastructure can be constructed and run independently, the attack is harder to detect. The Project Zero researchers concluded in their analysis that this is both startling and terrifying.
Project Zero's analysis explains how ForcedEntry works. It also shows just how dangerous purpose-built malware can be.