Bbabo NET

Science & Technology News

How the iPhone was jailbroken

Google Project Zero, a group of security experts looking for software vulnerabilities that could be exploited by hackers, has published its analysis of the ForcedEntry exploit. ForcedEntry was developed by the Israeli firm NSO Group, which used it together with a vulnerability in Apple's iMessage platform to deploy its Pegasus spyware.

The Google Project Zero team used a ForcedEntry sample provided by experts at the University of Toronto's Citizen Lab, who first discovered the exploit. In an in-depth analysis, Project Zero stated that ForcedEntry is a zero-click attack, which means the victim does not need to open a link or grant permission. The hack bypassed Apple iOS's zero-click protections and, through Apple iMessage, took over devices to install the Pegasus spyware.

ForcedEntry abused the way iMessage accepted and interpreted files such as .jpgs to trick the platform into opening a malicious PDF file without any user interaction. The exploit targeted a weak spot in an old compression technology designed to create compressed PDF files when scanning a document with a physical scanner. The same technology is still used by computers today.
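The mismatch described above, a file accepted as an image that is really a PDF, is something a messaging or mail gateway can check for. The following Python sketch is an added example, not code from Project Zero or Apple; the sample bytes are constructed, and it assumes the unnamed scanner codec is JBIG2, which PDFs reference through the `/JBIG2Decode` filter name.

```python
import os

# Leading "magic" bytes for the image formats this sketch recognises.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
               ".png": "png", ".pdf": "pdf"}


def sniff(data: bytes) -> str:
    """Return the format implied by the content, or 'unknown'."""
    # PDF readers tolerate junk before the header, so search the first 1 KiB.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(data)
    if claimed != actual:
        findings.append(f"type-mismatch: named {claimed}, content is {actual}")
    # Assumption: the legacy scanner codec is JBIG2. This plain-text search
    # misses escaped names and compressed object streams, so a clean result
    # is not proof of absence.
    if actual == "pdf" and b"/JBIG2Decode" in data:
        findings.append("pdf-uses-jbig2: legacy scanner codec stream present")
    return findings


# Constructed sample inputs: headers only, no real image or exploit content.
_PDF = b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2Decode >>\nendobj\n"
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "scan.pdf": _PDF,
    "photo.jpg": _PDF,  # PDF content behind an image extension
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(name, blob) or "ok")
```

The check keys on content rather than the file name, since a parser that sniffs the format itself will ignore the extension.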

ForcedEntry uses a script made up of logical commands written directly into the disguised PDF file. This lets it organize and launch the entire attack while hiding inside iMessage, which makes it even harder to detect. This sets ForcedEntry apart, because many such attacks must rely on a so-called command-and-control server to send instructions to the malicious program.

Project Zero's analysis is important not only because it reveals the details of how ForcedEntry works, but also because it shows how impressive and dangerous proprietary software can be.

Senior Fellow at Citizen Lab John Scott-Railton

Recall that at the end of November, Apple filed a lawsuit against the Israeli NSO Group and its parent company to bring them to justice for the surveillance and harassment of Apple users. The lawsuit contains new information about how the NSO Group infected the victims' devices with its Pegasus spyware.
