20.5k unique visitors in the last 3 days

Pegasus Spyware Zero-Click Exploit Shows Why Messaging Apps Need To Be More Secure

Researchers discovered a method to compromise Apple devices by attaching bogus GIF files to a message.

Last week researchers at The Citizen Lab, an interdisciplinary laboratory at the University of Toronto, published details of a zero-day, zero-click exploit used to spy on Apple devices which they believe was created by NSO Group, the Israeli spyware business behind the Pegasus Project privacy scandal. They have given the exploit the name of ‘FORCEDENTRY’ and claimed it has been used since at least February 2021 to remotely install spyware on devices running Apple iOS, MacOS and WatchOS. Apple responded with a security patch on the same day as the exploit was published.

The Citizen Lab identified a number of suspicious files with a .gif extension in the backup of a phone which had been hacked with the NSO Group’s spyware. The files had been received by the phone immediately before it was hacked and were found in the folders used to store attachments to messages; a redacted listing of the files is pictured below.

Closer examination showed these files were not actually GIF images. The files used Adobe’s PDF file format to create an integer overflow in Apple’s image rendering library. The Citizen Lab attributed the exploit to NSO Group because of bugs and process names identical to those found in other spyware known to have been developed by NSO Group.

Apple likes to position itself as the most privacy-oriented of all the handset manufacturers, but until this exploit was identified it was possible for spies to remotely insert software on to an iPhone so they could: switch on and listen to the phone’s microphone; obtain access to any files stored on the handset; and read any messages the device sent or received. They could do this by simply sending a message to the phone, even if the user did not click on attached files.

All the fuss about implementing data protection laws like GDPR or fining businesses that share personal data too freely will be rendered irrelevant if the phone in your pocket can easily be turned into a surveillance device. The history of messaging reveals scant regard for securing this form of communication from eavesdropping, and the habitual under-engineering of messaging technology is the soft underbelly of communications privacy. Apple appears to be sincere about protecting the privacy of its customers, so the successful targeting of vulnerabilities unique to Apple products shows just how great is the gap between the expectations of those customers and the extent to which their privacy can be undermined. All vendors of messaging technology need to be conscious that they are on the front line of the war over network privacy.

You can read The Citizen Lab’s summary of their research into FORCEDENTRY by clicking here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email