1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This serious iPhone security flaw was exploited by a second Israe

    From TechnologyDaily@1337:1/100 to All on Fri Feb 4 20:30:04 2022
    This serious iPhone security flaw was exploited by a second Israeli spy firm

    Date:
    Fri, 04 Feb 2022 20:10:15 +0000

    Description:
    Infamous NSO Group not the only company to discover how to compromise iPhones without user interaction.

    FULL STORY ======================================================================

    The dreaded zero-click iOS vulnerability from NSO Group made headlines in
    2021 as it attackers to gain access to an iOS-powered endpoint without the users involvement.

    But it now seems NSO wasnt the only company that managed to pull off what Google reseachers described as a incredible and terrifying hack, as Reuters claims that at approximately the same time, another (but lesser-known) Israeli-based company, QuaDream, achieved the same goal.

    Researchers who analyzed the methodology of both companies have said they
    were very similar to one another, right down to the fact that once Apple patched up NSOs vulnerability, it also rendered QuaDreams one useless. Zero-click iOS exploits

    The NSO Group (an Israeli technology firm primarily known for its proprietary spyware) designed an attack mechanism against which there is no defense," as no mobile antivirus would be able to spot it.

    Also known as a zero-click exploit, its just as it sounds - the victim doesnt even need to click anything in order to be compromised, to have its data, or its identity , stolen. Basically, all it needs to do is receive an SMS
    message via Apples iMessage service.

    The attack methodology itself is rather complex, and involves fake gifs, CoreGraphics PDF parsers, the JBIG2 codec, and an entirely new computer architecture that is not as fast as Javascript, but it's fundamentally computationally equivalent. Read More

    More cyberattacks come from China than the rest of the world combined, FBI
    head claims


    WhatsApp spyware lawsuit receives boost after NSO Group no-show


    Apple sues NSO Group over spyware claims

    The vulnerability is logged as CVE-2021-30860, and has been fixed on
    September 13, 2021 in iOS 14.8. Apparently, there's also an Android version, but the researchers are yet to get a sample.

    Once the cat was out of the bag, the US Government blacklisted NSO, claiming it develops tools used against civilians, something NSO not only denied, but further stated that it works to"support US national security interests and policies by preventing terrorism and crime.

    AWS also banned NSO, Apple filed a lawsuit, which was later backed by pretty much every notable tech company in the States.

    NSO says the work wasnt a team effort, and QuaDream could not be reached for comment. Also check out our list of the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-serious-iphone-security-flaw-was-exploited -by-a-second-israeli-spy-firm/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)