Tuesday, April 16, 2024

Another zero-click attack to spy on iPhone

During the forensic analysis of the well-known Pegasus tool of the Israeli company NSO, another vector of attack was found, by which iPhone users can invisibly eavesdrop


3 min read

Security researchers from Citizen Lab have discovered that an iPhone spying tool, Pegasus, was found on the devices of high-ranking UK officials. The victims of the attack include people from the Ministry of Foreign Affairs, but also from the Prime Minister’s Office.

All of this has been happening over the last two years, when Pegasus has been found on many devices of politicians, journalists, activists, and business people from all over the world – so this information is not so surprising.

What is new is that a forensic analysis of the attack on British officials has now revealed a hitherto unknown vector of attacks on iOS devices. It is a zero-click zero-day failure that allows the attacker to send a message to the victim – and then their spyware is created on the victim’s phone without the need for the user to click on a link or interact with any other malicious message. The attack was also discovered on the devices of Catalan activists, who were attacked at the end of 2019.



This new flaw, called HOMAGE, has been proven to be successful on iOS versions older than 13.2, so it is possible that it has been patched with this version of the operating system. However, Citizen Lab reported its discovery to Apple.

When it comes to the attackers, it is possible that the HOMAGE omission was used by the governments of Jordan, the United Arab Emirates, India, and Cyprus, but also Spain, when it comes to hacking the phones of activists for the independence of Catalonia.

The manufacturer of Pegasus, the Israeli NSO, does not reveal to whom it made all its spyware available.



Pegasus spyware can be populated on Android or (more often) iOS, by sending an infected link via SMS, WhatsApp, iMessage, and some other undetected vulnerabilities. Once a user clicks on a link (or not, in the case of a “zero-click” attack), this spyware can collect almost all important data from a mobile phone: messages, emails, photos, videos, correspondence, calendar, and phonebook entries, as well as location data. In addition, it can secretly activate the camera and microphone. Everything collected is able to pass on to the attackers.

Pegasus has been around since at least 2016 and has evolved over time to make it harder and harder to detect. The latest versions are even installed only in the working memory of the device, so turning off the phone disappears every trace of it.


The method of installation has also evolved, so it can now be installed on a mobile phone wirelessly, via a compromised WiFi network, if the target is found near it. Apple has updated and patched iOS several times since the advent of Pegasus, so it is unknown at this time whether it can spy on fully updated devices with the latest iOS.

The last patch against Pegasus was applied in September last year in iOS on 14.8.







Dudescode.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com