Apple’s High Security Mode Blocked NSO Spyware
Apple’s High Security Mode Blocked NSO Spyware : For iPhone users who are concerned about being targeted by sophisticated malware, such as journalists or human rights advocates, Apple introduced a new capability last year. Researchers claim to have discovered proof that the Lockdown Mode feature prevented hackers from employing malware created by the famed mercenary hacking company NSO Group to launch an assault.
At least two Mexican human rights defenders were targeted by three new zero-day exploits in iOS 15 and iOS 16, according to a study published on Tuesday by the cybersecurity and human rights research organization Citizen Lab. This indicates that Apple was not aware of the vulnerabilities at the time the attacks occurred.
The researchers discovered that Lockdown Mode prevented one of those vulnerabilities. Lockdown Mode was created expressly to minimize the iPhone’s attack surface, a term used in cybersecurity to describe features or areas of a system that are vulnerable to attacks from hackers. It has never been shown before that Lockdown Mode has effectively shielded a victim from a targeted attack.
According to Citizen Lab Researchers
According to Citizen Lab researchers, in the most recent incidents, the targets’ iPhones thwarted the hacking efforts and displayed a message that indicated Lockdown Mode barred access to the phone’s Home app. But according to the researchers, it’s conceivable that at some time the exploit’s creators at NSO “may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode.”
It’s simple to identify people who have Lockdown Mode enabled using their fingerprints, as other researchers have already noted, but that doesn’t imply its defenses are meaningless. Lockdown Mode may be useful, as this Citizen Lab scenario demonstrates.
According to Bill Marczak, a senior researcher at Citizen Lab and one of the report’s authors, “The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism.” But the devil is always in the details, just as with any optional feature. How many individuals will choose to activate Lockdown Mode? Will hackers just stop targeting Apple apps and switch to targeting third-party apps, which Lockdown Mode finds more difficult to secure?
According to a statement from an Apple spokesman, Scott Radcliffe, “We are glad to see that Lockdown Mode prevented this sophisticated assault and swiftly informed customers, even before the precise danger was known to Apple and security researchers. Lockdown Mode will continue to be improved, and iOS’ security and privacy features will be strengthened by our security experts working around the globe.
Response to Number Of Inqueries
In response to a number of inquiries, Liron Bruck, a representative for the NSO Group, sent a statement in which she claimed that Citizen Lab had frequently produced studies that were unable to identify the technology being used and that they had refused to release their underlying data. NSO abides by tight regulations, and its governmental clients employ its technologies to combat terrorism and crime globally.
Citizen Lab’s analysis examined multiple phones that were thought to have been compromised with NSO’s spyware, also known as Pegasus, and found three separate vulnerabilities that were all “zero-click,” meaning they didn’t need any input from the target.
Pegasus, which NSO only offers to government clients, has the ability to remotely access a phone’s location, messages, photographs, and pretty much anything else its rightful user may access. Researchers at Citizen Lab, Amnesty International, and other groups have chronicled several instances of NSO clients using the spyware of the corporation to target journalists, human rights advocates, and opposition politicians for years.
New research from Citizen Lab demonstrates that NSO is still operational despite a difficult recent history. The Pegasus Project, a collection of stories describing scandals using NSO throughout the globe, was introduced in 2021 by a global alliance of media outlets. Later on in the same year, the American government added NSO on a denylist, thereby prohibiting any citizen or entity of the United States from doing business with it.
Marczak Statement :
Marczak stated that Pegasus “remains an active threat to global civil society” despite other businesses failing. “At least for now, NSO is still able to bear these increased costs,” Marczak added.
The first exploit, which took use of the iPhone’s FindMy function, which aids owners in locating their lost or stolen devices, was released in January 2022 by NSO customers. The second vulnerability, which targets two features in this instance the FindMy function and iMessage, will be released starting in June 2022. It is a “two-step” hack. The last attack targeted the iPhone’s HomeKit and iMessage features, and it was launched in October 2022.
According to Citizen Lab’s research, the two Mexicans who were targeted by the exploits look into suspected human rights abuses by the Mexican military. The Mexican government is well-known for purchasing spyware. After Citizen Lab alerted Apple to all of these vulnerabilities, the company deployed patches and decreased the attack surface. In February, Apple released iOS 16.3.1, which contained a remedy for the HomeKit-based vulnerability.
