
Can Apple Block Pegasus Spyware?

The NSO Group has been in the news for all the wrong reasons over its Pegasus software, which helped governments snoop on individuals and groups.

At a time when several governments around the world are facing flak over the use of Pegasus surveillance software, a new report suggests that Apple’s latest iPhones could be capable of blocking the snoop software sold by mercenary hacking provider NSO Group. Researchers say there is evidence that Apple’s Lockdown Mode can indeed battle such spyware.

Cybersecurity and human rights research group Citizen Lab released a report listing three new zero-day exploits against iOS 15 and iOS 16 and said that Apple’s Lockdown Mode helped block an attack by hackers using spyware made by the NSO Group. The spyware has been used by governments to track journalists and human rights activists in the past.

Three new zero-click hacks deployed

The Citizen Lab report said the Israeli spyware maker had deployed at least three new zero-click hacks against iPhones in 2022 in the hope of finding ways to penetrate Apple’s latest software updates. These attacks hit iOS 15 and iOS 16, says the Canada-based lab, which added that Apple had now fixed the flaws that NSO was exploiting.

One of these attacks was blocked by Lockdown Mode, which was specifically designed to reduce the iPhone’s attack surface, meaning the areas of code or features in a system that are most prone to attacks by hackers. The report said this was the first documented case of Lockdown Mode having successfully protected a device from a targeted attack.

Researchers at Citizen Lab said the targets’ iPhones blocked the hacking attempt and notified the user that Lockdown Mode had prevented a malicious attempt to access the phone’s Home app. However, the report cautions that NSO developers could soon find a way around this by simply fingerprinting Lockdown Mode.

It’s not surprising, says Citizen Lab

Though civil rights groups may be worried about this trend, it should not surprise anyone, as NSO’s core business revolves around spyware, says Bill Marczak, a senior researcher at Citizen Lab. In spite of Apple notifying the targets, governments putting NSO on a blacklist and Israel cracking down on its export licenses, the company continues its work.

“The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism,” Marczak told TechCrunch. However, he warned iPhone users to remember to turn on the Lockdown Mode as this is an optional feature. 

Statements galore, but where does it end?

Meanwhile, Apple spokesperson Scott Radcliffe said in a statement that it was pleasing to note that Lockdown Mode had disrupted a sophisticated attack and alerted users even before the specific threat was known to Apple and security researchers. “Our security teams around the world will continue to work tirelessly to advance Lockdown Mode and strengthen the security and privacy protections in iOS,” the statement said. 

For its part, the NSO Group shared a statement saying “Citizen Lab has repeatedly produced reports that are unable to determine the technology in use and they refuse to share their underlying data. NSO adheres to strict regulation and its technology is used by its governmental customers to fight terror and crime around the world.”

In the past, NSO Group’s Pegasus software, which is sold to governments, was known to have remotely obtained a phone’s location, messages, and photos among other things. Citizen Lab, Amnesty International and others have documented several cases where NSO customers used the company’s spyware to target journalists, human rights defenders and opposition politicians.

The latest findings could create more than a few tremors in the United States, which had put NSO on a denylist that effectively barred any US company or individual from doing business with it. “Other companies have folded, but, at least for now, NSO is still able to bear these increased costs, and Pegasus remains an active threat to global civil society,” Marczak said.
