NSO’s Pegasus spyware keeps making it to the news due to its high stealth functionalities facilitating repressive governments. Once again, a new wave of Pegasus deployment from Bahrain authorities exploits a new iOS zero-click vulnerability.
iOS Zero-Click Exploited To Deploy Pegasus
In their latest report, CitizenLab has revealed how Pegasus spyware facilitates surveillance authorities despite Apple’s repeated fixes. Specifically, they have spotted a new iOS zero-click vulnerability under exploit to deploy NSO’s Pegasus on Bahraini activists.
Briefly, the researchers spotted Pegasus attacks on at least 9 Bahraini activists’ iPhones between June 2020 and February 2021. Some of these attacks exploited the previously discovered KISMET, whereas others exploited a new zero-click vulnerability FORCEDENTRY.
Explaining the new vulnerability, they stated that FORCEDENTRY is an iMessage zero-click flaw that bypasses the iOS Blastdoor feature. Exploiting this vulnerability successfully works against iOS versions 14.4 and 14.6 as a zero-day.
While preventing such attacks is theoretically possible by disabling iMessage. However, doing so would create communication issues. Besides, it might be unviable to do, given the NSO’s history of meddling with different others apps, too, including WhatsApp.
As stated in their report,
Disabling iMessage and FaceTime would not offer complete protection from zero-click attacks or spyware. Additionally, disabling iMessage means that messages exchanged via Apple’s built-in Messages app would be sent unencrypted (i.e., “green messages” instead of “blue messages”), making them trivial for an attacker to intercept.
As for the victims, CitizenLab found the involvement of an entity named LULU in targeting 4 of the 9 apps. This entity evidently links with the Bahraini government that has been a Pegasus abuser.
NSO’s Pegasus spyware exhibits robust capabilities to take over iPhones and sneakily spy on the victims. The malware exploits different unpatched and/or unknown (zero-day) vulnerabilities to infect devices for a successful attack.
Often, security patches from Apple remedy the bugs under attack. For instance, the June updates are believed to have addressed at least one vulnerability exploited by Pegasus.
However, as these bugs receive fixes, NSO finds new vulnerabilities to exploit. Thus, the fiasco continues with more and more governments abusing spyware for monitoring their target citizens.
Apple hasn’t commented yet about knowing or patching the latest iOS bug FORCEDENTARY. But we may expect to see a patch from the tech giant soon.