NSO developed 3 new ways to hack iPhones, Citizen Lab says - The Washington Post

source link: https://www.washingtonpost.com/technology/2023/04/18/nso-apple-iphones-citizen-lab/

NSO hacked iPhones without user clicks in 3 new ways, researchers say

Examination of phones from Mexico led to the discoveries

Updated April 18, 2023 at 2:43 p.m. EDT|Published April 18, 2023 at 7:00 a.m. EDT
The Israeli spyware maker NSO Group has continued to look for ways to hack into the latest iPhones, despite U.S. sanctions. (Jonathan Baran/TWP)

SAN FRANCISCO — Israeli spyware maker NSO Group deployed at least three new “zero-click” hacks against iPhones last year, finding ways to penetrate some of Apple’s latest software, researchers at Citizen Lab have discovered.

The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting.

The attacks targeted human rights activists who were investigating the 2015 mass kidnapping of 43 student protesters in Mexico, other suspected military abuses, and the related government response, Citizen Lab said. Mexico has been a major NSO customer.

According to Citizen Lab, one of the attacks, in September 2022, coincided with a report by international experts challenging government evidence in the 2015 case and its interference with the investigation.

It’s the latest sign of NSO’s ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.

While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. “It is their core business,” said Bill Marczak, a senior researcher at Citizen Lab.

“Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses — which are all good steps and raising costs — NSO for the moment is absorbing those costs,” Marczak said.

Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.

As NSO’s prominence has made it a symbol of government-level hacking, its repeated high-profile targeting has exposed it to researchers who are learning more of its tricks.

Working together and armed with new electronic evidence of attacks, Citizen Lab and Apple went back to old phones and found traces of other attack methods. That deeper knowledge will continue to grow, making future detections easier.

NSO spokesman Liron Bruck declined to say whether the company was behind the hacks or whether it had still more attacks that are equally effective. He faulted Citizen Lab for failing to disclose its underlying data.

“NSO adheres to strict regulation, and its technology is used by its governmental customers to fight terror and crime around the world,” Bruck said by email.

It was unclear how many people were hacked with the newly discovered methods, and Citizen Lab declined to identify the ones it knew about.

An Apple spokesman, who provided information on the condition that he not be named, said the threats affected “a very small number of our customers” and that it would continue to build more defenses into its products.

In one encouraging sign, some of the most recent attacks failed against users who had activated Apple’s recently introduced Lockdown Mode, which stops some communications from unknown callers and reduces the number of programs that are automatically invoked.

In an attack chain that used HomeKit — Apple’s framework for apps that control home lighting, temperature and other smart devices — iPhone users were warned that someone had tried to access the program but had been blocked, researchers said.

Those warnings stopped showing up after a time, presumably because the attackers figured out a way to access the program without triggering the warning or because they abandoned the method.

Marczak urged other likely targets to use Lockdown Mode as well.

Joseph Menn joined The Post in 2022 after two decades covering technology for Reuters, the Financial Times and the Los Angeles Times. His books include "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World" (2019) and "Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet" (2010).