An iPhone belonging to a staffer at a Washington-based civil society organization was hacked remotely with spyware created by Israel's NSO Group.
The hack was discovered last week and reported to Apple Inc., which moved quickly to investigate and patch the breach, according to John Scott-Railton, a senior researcher with Citizen Lab at the University of Toronto's Munk School.
NSO Group has been sanctioned by the US since 2021 due to its Pegasus hacking tool, which has been used by some governments to target journalists and dissidents beyond their borders. It is a so-called zero-click hack, in which the user doesn't need to click on a link in order for malware to install software that can turn phones into real-time surveillance devices.
“The gravity of the attack, which is a zero click, combined with the fact that it was being actively used in the wild against civil society makes it clear that this is the kind of thing that needs to be taken really seriously and prioritized, and we're glad that Apple did that,” Scott-Railton said in an interview.
Citizen Lab called the exploit chain BLASTPASS in a blog post on Thursday, and said it was capable of compromising iPhones running the latest version of Apple's operating system without any interaction from the victim. A spokesperson for Apple confirmed the account.
“We are unable to respond to any allegations that do not include any supporting research,” a spokesperson forNSO Group said. The company has previously said Pegasus doesn't work on phone numbers with the 1 county code used in the US and Canada.
Citizen Lab did not identify the targeted individual or organization. Earlier this year, the research group found that NSO Group had used at least three zero-click methods to hack
Read more on tech.hindustantimes.com