NEW INVESTIGATION: recent Mexican #Pegasus spyware abuses led us to evidence of a trio of zero-click exploits used by #NSO.
Targets? HomeKit & FindMy.
Remarkably, #Apple's #iOS #LockdownMode blocked one of them.
Quick THREAD 1/
citizenlab.ca/2023/04/nso-gr…
2/ First, the new victims: Mexican lawyers representing families of victims of military abuses.
The timing of the targeting matches key developments in efforts to hold #Mexico's army responsible.
It's really bad.
We @citizenlab forensically confirmed the spyware infections.
3/ We found evidence of 3 #zeroclick #0day chains used by NSO's #Pegasus #spyware in 2022.
First: #PWNYOURHOME: worked against #homekit even if you didn't set up a home.
Apple's changes in iOS 16.3.1 that address.
#LockdownMode also kneecaps it.
4/ #FINDMYPWN and #LATENTIMAGE: #0click #0days. We found traces of these iOS 15 exploits on confirmed infected devices.
It appears common target = #findmy service.
Takeaway: services that connect iOS devices to cloud services, handle push notifications = perennial target.
5/ Our investigation into the #Mexican cases was done in close collaboration with NGO @R3Dmx, which continues to do amazing work defending victims of hacking and surveillance abuses in Mexico.
Please consider giving them a follow to boost their signal.
6/ By the way, Apple's experiment in higher security #LockDown mode... did its job!
Concerned about your security? Go turn it on.
Yes there are usability trade-offs, but for the first time we can say, in an evidence-backed way, that it can work.
support.apple.com/guide/iphone/l…