John Scott-Railton
Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Or find me on Mastodon: https://t.co/YPRqnoBtce

Sep 13, 2021, 6 tweets

🚨 UPDATE YOUR APPLE DEVICES NOW🚨

We caught a zero-click, zero day iMessage exploit used by NSO Group's #Pegasus spyware.

Target? Saudi activist.

We reported the #FORCEDENTRY exploit to @Apple, which just pushed an emergency update.

THREAD 1/
citizenlab.ca/2021/09/forced…

2/ Here's the story of the #FORCEDENTRY exploit:

Back in March my colleague @billmarczak was examining the phone of a Saudi activist infected w/#Pegasus spyware. Bill did a backup at the time.

A recent re-analysis yielded something interesting: weird looking ".gif" files.

3/ Thing is, the ".gif" files...were actually Adobe PSD & PDF files...and exploited Apple’s image rendering library.

Result? Silent exploit via iMessage.

Victim sees *nothing,* meanwhile #Pegasus is silently installed & their device becomes a spy in their pocket.

4/ NSO Group says that their spyware is only for targeting criminals & terrorists.

But here we are... again: their exploits got discovered by us because they were used against an activist.

Thesis: discovery is inevitable byproduct of selling spyware to reckless despots.

5/ #FORCEDENTRY exploit bigger picture:

Popular chat apps are the soft underbelly of device security.

They are on every device, & some have a needlessly large attack surface.

Their security needs to be a *top* priority.

6/ Less than a week from notification to patching #FORCEDENTRY.

@Apple can move fast. Great stuff. Herculean effort by teams there.

Company is obviously fed up with NSO & the mercenary spyware industry. Like Google, Facebook, and the rest of the legit tech industry.
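
Added example, not part of the thread and not Citizen Lab's tooling: a triage check for the indicator described in tweets 2/ and 3/, files named ".gif" whose leading bytes identify them as Adobe PSD or PDF. The function names and the sample files are constructed for illustration, and the check reads only each file's first bytes.

```python
import os
import tempfile

SIGNATURES = {b"GIF87a": "GIF", b"GIF89a": "GIF",
              b"8BPS": "Adobe PSD", b"%PDF-": "PDF"}


def sniff(header):
    """Classify a file by its leading bytes rather than by its name."""
    for magic, name in SIGNATURES.items():
        if header.startswith(magic):
            return name
    return "unknown"


def find_mismatched_gifs(root):
    """Return (relative path, detected type) for each *.gif that is not a GIF."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".gif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                header = fh.read(16)
            kind = sniff(header)
            if kind != "GIF":
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (headers only, no real image data)."""
    samples = {
        "a.gif": b"GIF89a" + b"\x00" * 10,        # genuine GIF header
        "b.gif": b"8BPS\x00\x01" + b"\x00" * 10,  # PSD header under a .gif name
        "c.gif": b"%PDF-1.4\n",                   # PDF header under a .gif name
        "d.pdf": b"%PDF-1.4\n",                   # honestly named PDF, ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_mismatched_gifs(root)


if __name__ == "__main__":
    for path, kind in demo():
        print(f"{path}: named .gif but content is {kind}")
```

A hit means only that the extension and the content disagree; it is a reason to look closer at the file, not a confirmation of infection.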
