No comments TODAY WE TALK ABOUT

Subscribe to Xataka Mexico

Receive an email a day with our articles:

Researchers from Google's Project Zero division have detailed the workings of NSO Group's no-click exploit, which has been used to hack Apple devices, describing it as "incredible and terrifying."

This version of the "FORCEDENTRY" exploit was obtained earlier this year by Citizen Lab, which managed to capture it through a Saudi activist who was the target of an attack and worked with Apple's Security Engineering and Architecture (SEAR) group to perform technical analysis.

Unlike the original NSO exploit that required the user to click on a link sent via iMessage to run, this newer, more sophisticated version does not require any additional action to launch.

To start the attack, only the user's number or account is needed

It does this by taking advantage of the way in which the application interprets the files that end in .gif and that it considers as animation, giving them the order to play indefinitely.

However, instead of being a GIF, it is actually a malicious PDF that runs without the victim having to do anything, for which it uses JBIG2, an old code from the 90s that was used to compress files when processing text. on imaging scanners.

Once the malware is inside the device, it can set up a virtualized environment and execute JavaScript-like code without the need to be linked to an external server, allowing the attacker to gain access to passwords, microphone, audio, and more. sensors on the victim's device.

According to Project Zero this exploit is extremely difficult to detect and "a weapon against which there is no defense". Given this, Apple has already submitted an update to patch iMessage in September, in a vulnerability that according to Citizen Lab could have been used since February 2021.

Share It looks like a GIF, it runs like a GIF, but it is actually a malware to "hack" iPhones, and it is also made by the creators of Pegasus

Share