Researchers call NSO zero-click iPhone exploit 'incredible and terrifying'

·Associate Editor
·2-min read
JACK GUEZ via Getty Images

Google researchers have described NSO Group's zero-click exploit used to hack Apple devices as "incredible and terrifying," Wired has reported. Project Zero researchers called it "one of the most technically sophisticated exploits we've ever seen" that's on par with attacks from elite nation-state spies. 

The Project Zero team said it obtained one of NSO's Pegasus exploits from Citizen Lab, which managed to capture it via a targeted Saudi activist. It also worked with Apple's Security Engineering and Architecture (SEAR) group on the technical analysis.

NSO's original exploit required the user to click on a link, but the latest, most sophisticated exploits require no click at all. Called ForcedEntry, it takes advantage of the way iMessage interprets files like GIFs to open a malicious PDF file with no action required from the victim. It does so by using old code from the 1990s used to process text in scanner images.

Once inside a device, the malware can set up its own virtualized environment and run javascript-like code, with no need to connect to an outside server. From there, it gives an attacker access to a victim's passwords, microphone, audio and more. The exploit is extremely hard to detect and is "a weapon against which there is no defense," Project Zero researchers said.

Apple recently filed a lawsuit against the group to "hold it accountable" for governments using it to spy on iOS users. Apple alleged that targets are often activists, journalists and other critics of regimes that routinely suppress political dissent. It also accused NSO of "flagrant violations" of federal- and state-level laws in the US. Last month, the US Department of Commerce added NSO Group to its "entity list", essentially banning it for use in the US.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting