NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits

An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets.

Dark Reading Staff, Dark Reading

April 18, 2023

1 Min Read
concept art of eye with digital overlay representing spyware
Source: Robert Brown via Alamy Stock Photo

Israeli spyware firm NSO Group is back with at least three new iOS 15 and iOS 16 zero-click exploit chains, which were used against human rights activists in Mexico and elsewhere across the world in 2022.

The Citizen Lab, an interdisciplinary research organization in Toronto focused on communications technologies, human rights, and global security, recently released the results of its investigation into NSO Group's recent activities.

The Citizen Lab team reported finding evidence that NSO Group was hired to use the exploit chains (known as PWNYOURHOME, FINDMYPWN, and LATENTIMAGE) to deploy Pegasus spyware against human rights groups in Mexico, including Centro PRODH, which represents families accusing the country's military of abuses.

"Our ensuing investigation led us to conclude that, in 2022, NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," Citizen Lab's report said.

Apple has since issued a HomeKit security update in iOS.16.3.1, the The Citizen Lab added.

Citizen Lab recommends high-risk users use the iOS 16 feature known as "Lockdown Mode." With Lockdown Mode engaged, targets of PWNYOURHOME exploit chain were provided with real-time alerts.

"Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled," Citizen Lab said.

The revelations come on the heels of Citizen Lab and Microsoft outing another Israel-based spyware organization, dubbed QuaDream, which was offering cyber espionage tools and services to international governments to monitor and spy on private individuals. Shortly after the expose, QuaDream said it was closing up shop.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights