NSO is still in the news, this time … a 0 click iphone attack

The NSO group can’t keep their nose clean by the looks of things. It rturns out, that they may be behind an iphone attack where you don’t have to click on a thing.

Shannon Vavra writes for Cyberscoop on this article, and I found it of interest. This group says that their software is not used in the manners that are portrayed in this, or any other article that has been written. Sure looks like it to me, unless someone somewhere is using the software in this way, violating terms of service.

Hackers suspected to work for the governments of Saudi Arabia and the United Arab Emirates breached 36 devices belonging to Al Jazeera journalists in recent
months by using a zero-click iPhone exploit and NSO Group spyware, according to new Citizen Lab research published Sunday.

The suspected government hackers behind the operations had a particularly pernicious tactic for accessing their targets — an iPhone iMessage that requires
zero interaction from the target to work, according to the researchers. Citizen Lab is based at the Munk School of Global Affairs and Public Policy at
the University of Toronto.

The hacking operations, which researchers attribute to the governments of Saudi Arabia and the UAE with “medium confidence,” could have allowed the operators
to record audio, take pictures, track device location and access passwords or stored credentials on compromised phones, the researchers said.

Qatar, where Al Jazeera is based, historically has a fraught relationship with both Saudi Arabia and the UAE. Citizen Lab said the spy campaign’s targets
include Al Jazeera investigative journalist Tamer Almisshal as well as Rania Dridi, a presenter for a London-based network, Al Araby TV.

So if this is the case, based on these paragraphs I quoted from the beginning of the article, why does the company not go after these guys for violations of terms of service? The terms are there for a reason, I don’t understand why they aren’t followed. I’m sure if I were to use something like Jaws, Window-Eyes, Station Playlist, Winamp, Windows, or any other software in this way, I would be found out, caught, and delbt with. Let me make it clear that I have no intention of anything, I used it as an example.

There is more to this story including links to other things around the web including a blog post talking about the shift in zero click attacks and what they might present.

Want to read more from Cyberscoop? Zero-click iPhone exploit, NSO Group spyware used to target Mideast journalists, Citizen Lab says is the article, and do feel free to leave those comments.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.