According to new research from the University of Toronto Citizen Lab, the Israeli NSO Group has continued to utilize iPhone security applications to exploit and influence the devices. Best known for its zero-click spyware “Pegasus,” the NSO Group has a history of enabling customers with questionable human rights records to spy on citizens. The Citizen Lab was first tipped off to new NSO Group spyware in 2022 after two Mexican human rights activists’ devices were infected. The activists are from Centro PRODH, which was also targeted with Pegasus spyware in 2016 when the group represented the families of 43 missing student protesters.

Jorge Santiago Aguirre Espinosa, director of Centro PRODH, was found to have active spyware on his device in June and July last year via the FINDMYPWN exploit. This exploit chain was deployed against iOS versions 15.5 and 15.6 through a combination of FindMy and iMessage applications. In October 2022, NSO Group released a new zero-click exploit called PWNYOURHOME which utilized the HomeKit and iMessage applications on devices with iOS 16.0.3. Both of these exploits were the first Citizen Lab has found to utilize two separate remote attack surfaces on the iPhone. Apple commented that Lockdown Mode seems to have disrupted the spyware from functioning, but Citizen Lab noted it is possible NSO Group has found a way to circumvent this protection.

Read More:

https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/

https://www.forbes.com/sites/thomasbrewster/2023/04/18/nso-hacks-apple-find-my-iphone/?ss=cybersecurity&sh=619296ac567c