Google's Project Zero has described the zero-click iPhone exploit used by Pegasus, spyware deployed to monitor high-profile targets, as 'one of the most technically sophisticated exploits we've ever seen'.

Developed by the Israeli security company NSO Group, the spyware Pegasus has been used to monitor more than 180 journalists in 20 countries, as well as 10 prime ministers, 3 presidents and 1 king, and has been abused around the world. Details of the iMessage zero-click exploit that NSO Group used in Pegasus have now been published by Project Zero, Google's team tasked with finding zero-day vulnerabilities.

Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

NSO Group used fake GIFs to hack Apple iMessage --Security --iTnews
https://www.itnews.com.au/news/nso-group-used-fake-gifs-to-hack-apple-imessage-574081

Pegasus, spyware supplied by NSO Group, has been used for years to monitor the smartphones of specific targets. Initially, Pegasus delivered a URL via SMS, like the message pictured below; when the target tapped the link, the device was compromised. An exploit that compromises a device with a single click is called a one-click exploit.

NSO Group, however, went on to develop a zero-click exploit that requires no click at all. Because no interaction is needed, even people familiar with security may not realize their device has been compromised. A zero-click exploit still requires the attacker to send a message, but the target does not have to be persuaded to open a link or attachment; the exploit runs silently in the background, and, as Project Zero puts it, short of not using a device at all there is no way to prevent exploitation. The zero-click exploit used by Pegasus is called 'FORCEDENTRY'.

FORCEDENTRY sends a message to the target via iMessage and compromises the iPhone merely by having the attached 'GIF' image processed. iMessage has a feature that makes GIFs loop endlessly instead of playing once; to support it, a process called IMTranscoderAgent, which handles image preview and transcoding, re-encodes attachments whose names end in '.gif'. But, as Project Zero notes, a file whose name ends in '.gif' is not necessarily a GIF: the image library that parses the attachment determines the format by inspecting the content, not the extension. NSO Group used 'fake GIFs', files named .gif whose contents were actually a PDF, to route attacker-controlled data into a parser that was never meant to be reachable from this path. Apple closed this path in iOS 14.8.1 by restricting the formats IMTranscoderAgent will process, and in iOS 15.0 moved GIF decoding into the sandboxed BlastDoor service.
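The following is an added illustration, not code from Project Zero, Apple or NSO Group, of why a check on the file name alone buys nothing when the library behind it sniffs the content. It contrasts a toy transcoder that, like a content-sniffing image library, picks its parser from the file's leading bytes with a hardened variant that admits only bytes that really are a GIF. The magic values are the real ones for each format; the transcoder functions, their names and the sample attachments are constructed for this example.

```python
"""Why a ".gif" attachment is not necessarily a GIF (added example)."""
from typing import Optional

# Leading bytes ("magic") that identify each container format.
MAGIC = {
    "gif":  (b"GIF87a", b"GIF89a"),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf":  (b"%PDF-",),
}


def sniff_format(data: bytes) -> Optional[str]:
    """Return the format implied by the content, ignoring any file name."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def transcode_by_content(filename: str, data: bytes) -> str:
    """Unsafe pattern (hypothetical): the extension gates only the name;
    whichever parser the sniffed format selects receives the attacker's
    bytes.  Returns the name of the parser that would run."""
    if not filename.lower().endswith(".gif"):
        raise ValueError("not a GIF attachment")  # checks the name only
    fmt = sniff_format(data)
    if fmt is None:
        raise ValueError("unrecognised content")
    return f"{fmt}-parser"


def transcode_gif_only(filename: str, data: bytes) -> str:
    """Hardened pattern (hypothetical): the bytes must be a GIF, not merely
    be named one, so the PDF parser and every other decoder become
    unreachable from this code path."""
    if not filename.lower().endswith(".gif"):
        raise ValueError("not a GIF attachment")
    if sniff_format(data) != "gif":
        raise ValueError("extension says GIF but content does not")
    return "gif-parser"


# Constructed sample inputs: a minimal real GIF, and a file named like a
# GIF whose bytes are a PDF (the shape of the FORCEDENTRY attachment).
REAL_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b";"
FAKE_GIF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"


def demo() -> dict:
    """Run both transcoders over both attachments and collect the outcome."""
    results = {
        "real_gif_by_content": transcode_by_content("cat.gif", REAL_GIF),
        # The content sniffer happily hands a ".gif" to the PDF parser.
        "fake_gif_by_content": transcode_by_content("cat.gif", FAKE_GIF),
        "real_gif_gif_only": transcode_gif_only("cat.gif", REAL_GIF),
    }
    try:
        transcode_gif_only("cat.gif", FAKE_GIF)
        results["fake_gif_gif_only"] = "accepted"
    except ValueError as exc:
        results["fake_gif_gif_only"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the contrast is that the file name is attacker-controlled and the sniffer is indifferent to it; the only check that shrinks the reachable attack surface is one on the bytes themselves, which is the direction of a format allowlist.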

The payload inside the fake GIF targets a vulnerability in the PDF handling of CoreGraphics, the framework iOS uses to render images: an integer overflow in its decoder for JBIG2, an old compression format for scanned documents that can be embedded in PDFs (CVE-2021-30860). Exploiting it lets the attacker corrupt memory and ultimately run code. Project Zero recalls that PDFs were a popular exploitation target a decade ago, partly because 'the availability of javascript inside PDFs made development of reliable exploits far easier'; FORCEDENTRY, however, has no JavaScript engine to lean on in this parser, and instead builds its computation out of the JBIG2 decoder's own bitmap operations.

Project Zero assesses FORCEDENTRY to be 'one of the most technically sophisticated exploits we've ever seen'.

Project Zero thanks Citizen Lab for sharing a sample of the FORCEDENTRY exploit and Apple's Security Engineering and Architecture group for collaborating on the technical analysis, adding that the opinions expressed in the zero-click write-up are Project Zero's own and 'do not necessarily reflect those of the organizations we collaborated with'.

in Mobile, Software, Security, Posted by logu_ii