How NSO Group’s iPhone-Hacking Exploit Works


For years, the Israeli spyware vendor NSO Group has sparked fear and fascination throughout the international community via its hacking tools—the likes of which have been sold to authoritarian governments throughout the world and used against journalists, activists, politicians, and anybody else unfortunate enough to be targeted. The company, which has often been embroiled in scandal, has frequently seemed to operate as if by digital incantation—with commercial exploit attacks that require no phishing and malware that is all-seeing and can reach into the most private digital spaces.

But some of NSO’s dark secrets were very publicly revealed last week, when researchers managed to technically deconstruct just how one of the company’s notorious “zero-click” attacks works. Indeed, researchers with Google’s Project Zero published a detailed breakdown that shows how an NSO exploit, dubbed “FORCEDENTRY,” can swiftly and silently take over a phone.

The exploit, which was designed to target Apple iPhones, is thought to have led to the hacking of devices in multiple countries—including those of several U.S. State Department officials working in Uganda. Initial details about it were captured by Citizen Lab, a research unit at the University of Toronto that has frequently published research related to NSO’s activities. Citizen Lab researchers managed to get ahold of phones that had been subjected to the company’s “zero-click” attacks and, in September, published initial research about how they worked. Around the same time, Apple announced it was suing NSO and also published security updates to patch the problems associated with the exploit.

Citizen Lab ultimately shared its findings with Google’s researchers who, as of last week, finally published their analysis of the attacks. As you might expect, it’s pretty incredible—and frightening—stuff.

“Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states,” write…