1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Notorious NSO Group exploits flaw to send malicious messages and

    From TechnologyDaily@1337:1/100 to All on Mon Feb 19 18:45:06 2024
    Notorious NSO Group exploits flaw to send malicious messages and more

    Date:
    Mon, 19 Feb 2024 18:32:50 +0000

    Description:
    Old court documents were hiding a previously unknown flaw that allowed data exfiltration.

    FULL STORY ======================================================================

    Notorious Israeli commercial spyware company NSO Group was reportedly
    offering a way to exfiltrate sensitive mobile phone data unlike anything ever seen before, experts have revealed.

    A new report from telecom security specialists Enea discovered the method while recently sifting through the documents filed during the court case between WhatsApp and NSO Group.

    According to ENEA, in late 2019, WhatsApp committed into evidence a copy of a contract between an NSO Group reseller, and the telecom regulator of Ghana.
    In the contract, one of the features and capabilities NSO Group offered was called MMS Fingerprint. Blocking malicious MMS messages

    This feature, as it later turned out, was exploiting a vulnerability in both Android and iOS (but also in BlackBerry devices, apparently) to exfiltrate some sensitive data from the device.

    After a bit of digging, ENEA managed to recreate the flaw, and then explained how it worked. Allegedly, the attacker could create a unique, malicious MMS message, which the victim didnt even need to open (or otherwise interact with). That message would trigger the device to return two unique pieces of information: the MMS UserAgent, and the x-wap-profile.

    The former is a string that usually identifies the operating system and the device of the victim, while the latter points to a UAProf (User Agent Profile), that describes the capabilities of the target device.

    This information, ENEA argues, could be used to profile the victim and
    prepare for more concrete attacks: Both of these can be very useful for malicious actors. Attackers could use this information to exploit specific vulnerabilities or tailor malicious payloads (such as the Pegasus exploit) to the recipient device type. Or it could be used to help craft phishing campaigns against the human using the device more effectively, the
    researchers explained in the report.

    While being able to steal data without victim interaction sounds ominous, the victims arent utterly helpless, ENEA adds. Mobile subscribers could disable MMS auto-retrieval on their handset, which would prevent the malicious messages from reaching their devices. Also, most mobile operators today
    filter these kinds of messages from being sent in the first place. More from TechRadar Pro NSO Group spyware targeted senior EU officials Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/notorious-nso-group-exploits-flaw-to-se nd-malicious-messages-and-more


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)