The IT security researchers at Google have declared the NSO zero-click iMessage exploit as “Terrifying.”
Google Project Zero’s (GPZ) Ian Beer and Samuel Groß have shared details on a new exploit developed by the NSO Group that allows users (high-profile clients) of its software to access any iPhone and install spyware even when the victim doesn’t click a link.
“The capabilities NSO provides rival those previously thought to be accessible to only a handful of nation-states,” Google’s researchers noted.
The information on the exploit, dubbed FORCEDENTRY, was shared by Citizen Lab and Apple’s Security Engineering and Architecture (SEAR) group collaborated with the Google Project Zero team for technical analysis.
Wow. Just wow. This NSO zero-click iMessage exploit is the most impressive attack code I’ve ever seen. A whole computer architecture built out of a few logic operators… in an EXPLOIT!
The talent of the individuals who came up and developed this technique is beyond impressive https://t.co/X3nVli3bOC
— Dmitri Alperovitch (@DAlperovitch) December 16, 2021
According to GPZ, the new Zero-Click exploit that affects iOS version 14.7.1 and earlier is one of the most “technically sophisticated exploits we’ve ever seen.”
Beer and Groß stated that