iPhone hack: NSO malware builds a computer inside your phone to steal data

An incredibly sophisticated piece of malware developed by the Israeli tech firm NSO Group works by creating an entirely separate computer inside the memory of an iPhone, allowing attackers to snoop and steal data


16 December 2021


The hack targeted iPhones

Photo by Richard Drew/AP/Shutterstock

NSO Group, an Israeli tech firm, developed malware to hack iPhones by creating a “computer within a computer” capable of stealing sensitive data and sitting undetected for months or even years, researchers at Google have revealed.

The malware is part of NSO Group’s Pegasus software tool, which it is thought to have sold to countries including Azerbaijan, Bahrain, Saudi Arabia, India and the United Arab Emirates. US law-makers have called for sanctions against the firm.

Pegasus allows a user to read data from smartphones and spy via their microphones and cameras. The latest feature of the tool to emerge publicly, which has been called ForcedEntry, is also one of the most powerful and concerning to date, according to security experts.

The technical details were unravelled by members of the Project Zero security team at Google with the help of Citizen Lab at the University of Toronto in Canada, which investigates computer security and its impact on human rights. The attack is a “zero click” vulnerability, which means that the target doesn’t need to be tricked into clicking a link, putting even careful and technically savvy users at risk.

A specially crafted iMessage is sent to the target’s iPhone containing a fake GIF animation. Due to the way Apple’s…