Cybersecurity experts have described the spyware "Pegasus," developed by the Israeli company NSO Group, as a "terrifying electronic weapon with no defense against it."
Experts explained the "smart and amazing" technique that allows the program to breach phones, even iPhones, through "zero-click" capabilities, meaning that the targeted phone becomes compromised as soon as the message reaches it, regardless of whether the user clicks on the link contained within it, according to the "Times of Israel."
Cybersecurity researchers Ian Beer and Samuel Gross stated that NSO uses "one of the most technically advanced exploit operations ever seen" in this program. Beer and Gross are members of Google's "Project Zero" team, which is tasked with finding zero-day vulnerabilities: flaws in software that may be unknown to its developers and that hackers can exploit in cyberattacks.
They noted that this technology has the capability to exploit both Android devices and iPhones, which are believed to have a highly secure system. This prompted Apple to file a lawsuit against the company based in Herzliya.
Beer and Gross indicated that the software developer offers its clients "exploitation technology with zero-click, meaning that targeted individuals, even if they are technically savvy, are unaware they are being targeted."
The researchers explained that in a zero-click scenario, user interaction is unnecessary, meaning the attacker doesn't have to send phishing messages; instead, they exploit the vulnerability silently in the background. Gilly Muller, the CEO of the multinational cybersecurity company Acronis, stated that with zero-click, "the user is completely passive, and there is no need to click on anything, nor do they have control."
He told the "Times of Israel" that the flaw pertains to how Apple analyzes or processes GIF images and memes sent via the iPhone's native messaging platform (iMessage). The spyware developers used a "fake GIF" vulnerability, concealing a PDF file under the guise of a GIF and using code within it to carry out the breach of the targeted person's phone.
NSO's spyware managed to "hide code at the pixel level so that when the text message is received, the code is activated, and the game is over in some way."
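For defenders, the "PDF under the guise of a GIF" detail suggests a simple triage check on attachments: compare the type a file name declares with what its leading bytes actually are. The following Python sketch is an added illustration, not code from the article or from any vendor; the function names and sample bytes are constructed, and it assumes the file bytes are already available to the checker.

```python
import os

# Leading "magic" bytes of the image formats this check recognises.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
EXT_TO_TYPE = {".gif": "gif", ".png": "png", ".jpg": "jpeg",
               ".jpeg": "jpeg", ".pdf": "pdf"}

def sniff(data: bytes) -> set:
    """Return every format the bytes look like (may be more than one)."""
    found = {kind for kind, sigs in MAGIC.items() if data.startswith(sigs)}
    # Some PDF readers tolerate junk before the header, so search the
    # first 1024 bytes instead of requiring "%PDF-" at offset 0.
    if b"%PDF-" in data[:1024]:
        found.add("pdf")
    return found

def check_attachment(filename: str, data: bytes) -> str:
    """Classify a file as ok, mismatch, polyglot, or unrecognized."""
    declared = EXT_TO_TYPE.get(os.path.splitext(filename)[1].lower())
    found = sniff(data)
    if not found or declared is None:
        return "unrecognized"      # nothing to compare against
    if found == {declared}:
        return "ok"                # content matches the extension
    if declared in found:
        return "polyglot"          # valid as declared AND as something else
    return "mismatch"              # e.g. PDF bytes behind a .gif name

# Constructed sample inputs (not taken from any real message).
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n"
SAMPLE_POLY = b"GIF89a" + b"\x00" * 32 + b"%PDF-1.4\n"

if __name__ == "__main__":
    for name, blob in [("cat.gif", SAMPLE_GIF), ("meme.gif", SAMPLE_PDF),
                       ("anim.gif", SAMPLE_POLY), ("doc.pdf", SAMPLE_PDF)]:
        print(f"{name}: {check_attachment(name, blob)}")
```

A "mismatch" or "polyglot" verdict only marks a file for closer inspection; it does not by itself show that the file is malicious.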
Security consultant Gabriel Avner told the newspaper, "Security experts have long said: do not click on suspicious links, even from people you might know, and then NSO arrives with the zero-click vulnerability."
NSO faces a torrent of international criticism over claims that its software has been used in countries with poor human rights records, where thousands of human rights activists, journalists, and politicians have had their phones compromised, making the issue a diplomatic concern for many of Israel's allies.
In early November, the U.S. Department of Commerce placed NSO on a blacklist, restricting the company’s relations with American firms due to allegations that it "enabled foreign governments to engage in cross-border repression."
This move is said to have played a role in prompting Israel to finally reduce the number of countries to which local companies can sell internet technologies and to impose new restrictions on the export of cyber warfare tools.
It is noteworthy that Israeli cyber espionage companies are required to obtain permission from the Israeli Ministry of Defense to sell their products abroad.