Researchers have discovered a new version of Pegasus, the spyware created by the Israeli company NSO Group and used by governments around the world.
The NSO Group was recently at the center of a global scandal when a list of tens of thousands of phone numbers of Pegasus victims, including journalists, activists and politicians, was revealed last July. Human rights activists in Bahrain, the target of a new version of Pegasus, should now be added to that list, according to experts from the Citizen Lab at the University of Toronto.
The new version of Pegasus stands out for being able to bypass the latest iPhone protections, implemented by Apple in recent versions of iOS precisely in response to investigations into Pegasus. Specifically, the researchers found iPhones running iOS 14.4 and iOS 14.6 that had been hacked; both versions introduced security changes.
More shocking is that the spyware managed to bypass a major security measure implemented by Apple in iOS 14, called BlastDoor. Designed specifically to block attacks like those of Pegasus, it is capable of filtering malicious data transmitted through iMessage.
Apple has decided not to respond to media inquiries, and therefore it is unclear whether this vulnerability has been fixed. Citizen Lab completed the investigation prior to the release of iOS 14.7 and iOS 14.7.1, the latest versions, and alerted Apple to these issues.
Apple does not clarify anything
Apple has only issued a public statement condemning cyberattacks, without specifying whether iPhones are already protected against them; it states that BlastDoor is not the only security measure in place, and that the upcoming iOS 15 has more defenses.
It’s unclear if that means current iPhones are unprotected until the arrival of iOS 15, or if Apple implemented other intermediate measures. Apple’s lack of transparency has been harshly criticized by cybersecurity researchers in recent years, as these types of vulnerabilities have been discovered.
NSO Group sells its malware and spyware to governments, government agencies, the military, and law enforcement agencies. In the case of this new version, Citizen Lab claims that the government of Bahrain probably used it against nine activists, in the period between June 2020 and February 2021, through an operator called LULU.
The malware installed itself on their phones automatically via a message, without any action on their part, and thereafter logged usage and obtained data from the devices.
The NSO Group has not responded directly to this investigation. Last month, it promised to investigate “credible claims of misuse”; since then, the Israeli company claims to have cut off access to its software for five government clients over human rights abuses, although it did not specify who they were. For its part, the Bahraini government has completely denied the results of the investigation, calling them “unfounded accusations and erroneous conclusions”.