NSO hacked new Pegasus victims weeks after Apple sought injunction – TechCrunch

Investigators say they have found evidence that a Jordanian journalist and human rights defender’s iPhone was hacked with the Pegasus spyware just weeks after Apple sued the spyware’s maker NSO Group to stop it from targeting Apple’s customers.

Award-winning journalist Suhair Jaradat’s phone was hacked with the notorious spyware as recently as December 5, 2021, according to an analysis of her phone by Front Line Defenders and Citizen Lab that was shared with TechCrunch ahead of its publication. Jaradat was sent a WhatsApp message from someone impersonating a popular anti-government critic with links to the Pegasus spyware, compromising her phone. According to the forensic analysis, Jaradat’s iPhone was hacked several times in the preceding months and as far back as February 2021.

Apple had filed a lawsuit against Israeli spyware maker NSO Group in November 2021, seeking a court-issued injunction aimed at banning NSO from using Apple’s products and services to develop and deploy hacks against its customers.

The injunction would, if granted, make it more difficult for NSO to deploy its spyware since its stealthiest capabilities rely on abusing Apple’s own services, such as iMessage, to create Apple user accounts for delivering the malware. But so far the case has gotten off to a slow start after the first judge assigned to the case recused herself, with no decision on the case likely to be made any time before June.

The NSO-built Pegasus spyware gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and precise location. Many victims have received text messages with malicious links, but Pegasus has more recently been able to silently hack iPhones without any user interaction, or so-called “zero-click” attacks.

Apple last year bolstered iPhone security by introducing BlastDoor, a new but unseen security feature designed to filter out malicious payloads sent over iMessage that could compromise a device. But NSO was found to have circumvented the security measure with a new exploit, which researchers named ForcedEntry for its ability to break through BlastDoor’s protections. Apple fixed BlastDoor in September after the NSO exploit was found to affect iPads, Macs, and Apple Watches, not just iPhones.

Apple declined to comment on the record when reached about the new report prior to publication.

Jaradat is one of several Jordanians, including human rights defenders, lawyers and fellow journalists whose phones were compromised likely by agencies of the Jordanian government, according to Front Line Defenders and Citizen Lab’s findings out Tuesday.

Among the others targeted include Malik Abu Orabi, a human rights lawyer whose work has included defending the teachers’ union, which in 2019 led the longest public sector strike in the country’s history. Abu Orabi’s phone was targeted as early as August 2019 until June 2021. Also, the phone of Ahmed Al-Neimat, a human rights defender and anti-corruption activist, was targeted by the ForcedEntry exploit in February 2021. The researchers said the hacking of Al-Neimat’s phone is believed to be the earliest suspected use of ForcedEntry.

Another Jordanian journalist and human rights defender’s phone was targeted, according to the researchers, but who asked for her identity not to be disclosed.

Apple is the latest tech giant to file suit against NSO for hacking into its customers’ phones. NSO is also currently embroiled in a legal battle with Facebook for using a then-unknown vulnerability in WhatsApp to hack into some 1,400 phones belonging to members of civil society. Last year, a U.S. appeals court rejected NSO’s claim that it was entitled to protection of a foreign sovereign, in this case Israel.

NSO, which did not respond to a request for comment, has long said it sells its spyware only to law enforcement and intelligence agencies. A spokesperson for the Jordanian Embassy in Washington DC responded to our requests for comment.

Source link