Researchers at Citizen Lab say a Bahraini human rights activist’s iPhone was silently hacked earlier this year by a powerful spyware sold to nation-states, defeating new “Blastdoor” security protections that Apple designed to withstand covert compromises.
Zack Whittaker for TechCrunch:
Citizen Lab, the internet watchdog based at the University of Toronto, analyzed the activist’s iPhone 12 Pro and found evidence that it was hacked starting in February using a so-called “zero-click” attack, since it does not require any user interaction to infect a victim’s device. The zero-click attack took advantage of a previously unknown security vulnerability in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone.
The hack is significant, not least because Citizen Lab researchers said it found evidence that the zero-click attack successfully exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But the hacks also circumvent a new software security feature built into all versions of iOS 14, dubbed BlastDoor, which is supposed to prevent these kinds of device hacks by filtering malicious data sent over iMessage.
MacDailyNews Note: Because of this new Pegasus zero-click exploit’s ability to circumvent BlastDoor, the researchers called this latest exploit ForcedEntry. More info: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
Timmy strikes yet again! Privacy? Nope. Security? Nope. You’re such a great CEO!
Its fun watching all the libturds vote down complaints about reduced privacy and security! LOL Can’t expect much from anyone who votes for a corrupt, racist dementia patient and a whore
As Tim Cook would say: “That’s phenawwwmenal.”
This sounds really baaad, but I’m lacking in the tech background that enables me to really know “how bad.”
Anyone savvy with a realistic take?
In simplest terms, it means “BlastDoor” has an exploitable hole and Apple needs to get it fixed before other hacks use the same weakness in iMessages.