The discovery of a potential new infection technique by NSO Group, termed “MMS Fingerprint,” is hinted at in a contract between NSO and Ghana’s telecom regulator, as part of ongoing litigation with WhatsApp. The method claims to reveal target device and operating system information without user interaction, applicable to Android, Blackberry, and iOS. Investigation by Cathal McDaid of Enea revealed that the MMS flow, although messy, includes a point where device information is leaked during HTTP GET requests triggered by MMS retrieval. Enea successfully tested this method, demonstrating that it could expose device details silently, without displaying MMS content. While not observed in the wild, this method could streamline further attacks by tailoring payloads or crafting phishing campaigns based on device specifics. Although blockable and potentially mitigated by users disabling MMS auto-retrieval, its existence and NSO’s indication of availability raise concerns about potential exploitation.

Read more: https://www.securityweek.com/mysterious-mms-fingerprint-hack-used-by-spyware-firm-nso-group-revealed/