Recently Discovered Zero-click iPhone Exploit is Being Used for NSO Spyware Attacks

Digital threat analysts at Citizen Lab have discovered a new zero-click iMessage vulnerability that can be used for installing NSO Group spyware on iPhones belonging to Catalan journalists, politicians, and activists.

The previously unreported iOS vulnerability to zero-clicks that has been dubbed HOMAGE is present in specific versions before iOS 13.2 (the current version of the stable iOS version number is 15.4).

It was utilized in a marketing campaign targeting the least 65 individuals using an NSO’s Pegasus malware between the years 2017 to 2020 in conjunction with the Kismet iMessage exploit and a WhatsApp vulnerability.

In the list of victims of these assaults, Citizen Lab mentioned Catalan members from the European Parliament (MEPs), each Catalan president since 2010, and Catalan legislators, journalists, jurists, journalists, and members of civil society groups and their families.

“Among Catalan targets, we haven’t seen an instance of the HOMAGE exploit being applied to any device running a version of iOS higher than 13.1.3. It’s possible that the vulnerability was patched with iOS 13.2,” Citizen Lab declared.

Also Read- US Officials Link North Korean Hackers to $625M Axie Infinity Theft

“We do not know of any zero-click, zero-day exploits used against Catalan targets before iOS 13.1.3 and before iOS 13.5.1.”

The academic research lab has released its findings. It has the Apple with the evidence required to study the exploit and has stated that there is no evidence to suggest that Apple customers running the latest editions of iOS are at risk of HOMAGE attacks.

“At this point, Citizen Lab at present Citizen Lab is not conclusively linking these hacking activities to any particular government, but a variety of circumstantial evidence indicates an obvious connection with any of the entities that are part of the Spanish administration,” Citizen Lab said.

EU Commission, UK govt, Finnish diplomats, US State Dept, are also targets

As Reuters revealed, NSO spyware was also employed in attacks on top European Commission officials last year, including the European Justice Commissioner.

As per Citizen Lab Director Ron Deibert, Multiple suspected infections using Pegasus spyware in the official UK network were disclosed to Citizen Lab to the authorities of the United Kingdom.

A possible virus on the device of an official of the Prime Minister’s Office was associated with Pegasus operators related to the UAE and attacks related to the UK’s Foreign and Commonwealth Office linked to the UAE, India, Cyprus, and well as Jordan.

The Finnish Ministry for Foreign Affairs announced on January 1 that the devices of Finnish diplomats were affected by the NSO’s Pegasus spyware following US Department of State employees’ discovery that their iPhones were infected with the same malware.

The European Parliament is setting an inquiry committee (which will have its first public meeting on the 19th of April) to look into violations of EU law arising due to the usage of NSO Pegasus and equivalent spyware.

Pegasus, a tool for spyware created by Israeli company NSO Group, a surveillance firm NSO Group, is marketed as a surveillance program licensed to governments around the world to assist in “investigating the terrorism and crime.”

“The spyware infiltrates cellphones (and various other gadgets) and is capable of reading text and listening to calls, capturing passwords in tracking locations, gaining access to the device’s microphone and camera, and stealing data from apps,” Citizen Labs explains.

“Encrypted chats and calls can be monitored. Technology can even keep the victims’ accounts on the cloud once the infection has finished.”