Users of Apple products, including mobile telephones, tablets, and watches, have been urged to update their devices to protect them from Israel's "mercenary" spyware company, the notorious NSO Group. The warning was issued yesterday by CitizenLab a day before Apple is expected to release its latest phone model.
CitizenLab is an interdisciplinary body at the Munk School of Global Affairs and Public Affairs at the University of Toronto in Canada. It issued the advice following the discovery of a vulnerability while analysing a phone belonging to a Saudi Arabian activist whose device had been infected with the NSO Group's Pegasus spyware.
"We discovered a zero-day zero-click exploit against iMessage," said CitizenLab in its report. "The exploit, which we call FORCEDENTRY, targets Apple's image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices." In effect, this means that all Apple devices are vulnerable to hacking by the Israeli firm.
"We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware," explained CitizenLab. It warned that the newly-discovered vulnerability has been exploited since at least February this year.
Apple has been alerted about FORCEDENTRY targeting its products. The tech giant has released an update to solve the problem. "We urge readers to update all Apple devices immediately," said CitizenLab.
In its denunciation of the Israeli firm, it added that the "NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies" and called for greater regulation.
The warning to all Apple users comes just over a month after the discovery of one of the biggest global hacking scandals involving the Israeli firm. As many as 50,000 phone numbers were said to have been selected for surveillance using Israeli technology, according to the Pegasus Project, the investigation which uncovered the hacking. This is a groundbreaking collaboration by more than 80 journalists from 17 media organisations in ten countries. The group's work was co-ordinated by Forbidden Stories, a Paris-based non-profit media organisation, and Amnesty International.
Concerns were raised about the NSO Group following the murder of Saudi journalist Jamal Khashoggi in the Saudi Arabian Consulate in Istanbul. The brutal killing of the 59-year-old in 2018 left a trail of evidence, including details of how the Saudi government used the Israeli spyware to target people close to him.