NSO Hacked iPhones Without User Clicks in 3 New Ways, Researchers Say

Israeli spyware maker NSO Group deployed at least three new "zero-click" hacks against iPhones last year, finding ways to penetrate some of Apple's latest software, researchers at Citizen Lab have discovered. From a report: The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting. It's the latest sign of NSO's ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists. While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.

Read more of this story at Slashdot.