Security researchers uncover NSO Group iPhone attacks in Europe
Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.
The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”
The researchers echo earlier warnings that variations in the manner of these attacks show that new exploits are being developed, and while security patches will protect some systems, not all of them are so protected. They also confirm that while Apple is monitoring for such compromises, it is not necessarily aware of every attack — so high-risk individuals must really develop their own security awareness.
What’s noteworthy is what people do when they are attacked. Most security experts prefer to explore what has happened before simply wiping or destroying subverted devices; doing so sometimes gives insight into the attackers.
Attackers will know if they’ve been caught if a device goes dark, and sometimes skilled security forensics teams can get good data from these devices. (This is the kind of information security researchers are publishing at present.)
“Inconsistent investigations and data collection hinders timely and comprehensive research on emerging attack,” the researchers warn.
That attacks have been surfaced by two different sets of security researchers inside a week shows that the invasive insidious mercenary attacks continue to take place, to the detriment of democratic debate. And while these attacks are expensive to operate today, as with anything in tech, they will become cheaper to run and will proliferate across the dark web, putting all users at risk, particularly those with older devices.
With that in mind, enterprises and high-risk individuals should take steps to protect themselves. One critical move, of course, is to use systems that still regularly receive software and security patches and to refrain from using older handsets that no longer do.
IT should also ensure any software, personal or professional, installed on devices is updated in a timely fashion, including on both personal and managed devices.
But against such sophisticated zero-day attacks, these protections aren’t enough, which is why Jamf Threat Labs shares additional advice to help improve the defense permiter:
As global political instability increases, it’s to be expected that security and security protection will become increasingly important to every enterprise user and technology firm in the months to come.
The fact that in one week both Citizen Lab and Jamf surfaced fresh cases of such attacks is likely to be grist to the mill for Apple’s own security teams, who no doubt are already working to put even more robust protections in place across the ecosystem.
Earlier this week, an Apple spokesperson said: “Our security teams around the world will continue to work tirelessly to advance Lockdown Mode and strengthen the security and privacy protections in iOS.”
When Apple sued NSO Group, the company providing many of these attacks, Ivan Krstić, head of Apple security engineering and architecture promised, “Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”
With this in mind, I’d be very unsurprised to see security becoming one of the important developer topics at WWDC 2023.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.