One image disclosed the whole NSO iPhone spyware scandal

A new investigation into the NSO Pegasus spyware incident, released this week, found that the whole operation was exposed by a single fake image file that was unintentionally left on the phone of an activist.

Reuters reports:

NSO Group, one of the world’s most sophisticated spyware companies, is now facing a slew of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world. A single activist has helped turn the tide against NSO Group.

It all began with a bug in her iPhone’s software.

According to the report, Loujain al-Hathloul received an email from Google alerting her that state-sponsored hackers were attempting to get into her Gmail account. Her iPhone was then sent to the Canadian privacy organisation Citizen Lab, which conducted a six-month investigation to see whether it had been subjected to any additional forms of invasive monitoring. What established NSO’s involvement in the spyware was a single fake image file that the surveillance malware had mistakenly left behind.

Citizen Lab’s Bill Marczak made what he called an “unprecedented” discovery after sifting through her iPhone records for six months: a malfunction in the surveillance software installed on her phone had left behind a copy of the malicious image file, rather than deleting it, after stealing her messages.

The revelation “led to a cyber blueprint and caused Apple Inc to warn thousands of additional state-backed hacking victims throughout the globe,” according to Marczak, who called it “a game changer.” More specifically:

According to Marczak, whose study was corroborated by Amnesty International and Apple experts, the Citizen Lab finding presented convincing proof the cyberweapon was manufactured by NSO.

Marczak claimed the malware detected on al-Hathloul’s device had code that indicated it was connecting with servers previously identified by Citizen Lab as being operated by NSO. “ForcedEntry” is the name Citizen Lab gave to this new way of hacking an iPhone. The researchers subsequently sent the sample to Apple in September.

Because of this blueprint, Apple was able to fix the vulnerability and also to notify thousands of iPhone owners who had been targeted by state-sponsored attacks. In November, Apple filed a lawsuit against NSO in America over the incident. In a statement seen by Reuters, NSO Group said that political opponents of cyber intelligence had made assertions that were “contractually and technologically unfeasible.”