What just happened? The Pegasus spyware developed by notorious Israeli tech firm NSO Group has once again raised its ugly head several years after it was originally deployed. While recent reports suggested the malware was coming to the end of its natural life, cybersecurity researchers have now found that NSO created at least three new zero-click hacks against iPhones, potentially jeopardizing the privacy and security of many activists and journalists.
The report about the renewed threat posed by Pegasus comes from Citizen Lab, which is based at the University of Toronto in Canada. The new version of Pegasus affects iPhones running iOS 15 and early versions of iOS 16. The spyware is said to have been deployed last year against human rights activists who were researching the 2015 disappearance of 43 student demonstrators in Mexico among other suspected human rights abuses by the country's military establishment.
While the Mexican government is known to be one of the leading users of Pegasus, the spyware was also reportedly used last year against "civil society targets around the world." The first deployment is believed to have happened on January 17, 2022, on an iPhone running iOS 15.1.1. The researchers identified the zero-click exploit as 'LATENTIMAGE' as it left very few traces on the device.
Before discovering LATENTIMAGE, the researchers also found two other zero-click exploits that they named 'FINDMYPWN' and 'PWNYOURHOME.' While the former was first deployed against iOS 15 in June 2022, the latter was used against iOS 15 and 16 starting in October 2022. Both are two-step zero-click exploits, with each step targeting a different iOS app.
In the case of the former, the first step targets HomeKit, while the second affects iMessage. With the latter, the first step targets the Find My app, while the second step once again snoops on iMessage.
In October 2022, the researchers shared their findings with Apple, which has since fixed the vulnerabilities. However, that doesn't mean the threat from Pegasus and other spyware is over. The researchers are recommending that high-risk users like activists, journalists, government officials and corporate executives employ Apple's Lockdown Mode that's designed to tackle the growing problem of mercenary spyware.
The feature, which is available on iOS 16, iPadOS 16 and macOS Ventura, severely restricts what a device can do, but can offer protection against corporate espionage and state-sponsored hacking groups. It reportedly came in handy against the PWNYOURHOME exploit, as devices with the feature enabled received real-time warnings when they were targeted. According to the researchers, there are no known cases of the exploit being successfully used against devices with Lockdown Mode switched on.