Introduction
In a special interview with Haaretz newspaper, an explanation was provided on how NSO's spyware, “Pegasus,” has managed to hack Apple’s iOS iPhones.
Google’s “Project Zero” published a technical report examining how NSO’s spyware succeeded in secretly infecting iPhones. In the report, “Project Zero” researchers shed light on a new, highly sophisticated exploit method recently exposed, called “ForcedEntry.”
Exploitation via iMessage
Dean Bar, HackersEye COO, explains how Pegasus exploited the way iMessage (Apple’s messaging platform) handles GIF files. NSO’s developers made PDF and JBIG2 files impersonate a GIF file. These files essentially act as a virtual processor, hacking into a device long before the SMS is even received.
Implications for Cybersecurity
The findings highlight that the “unique” skills once associated only with advanced governmental organizations are now essentially public property, available to private companies and individuals. This represents a significant shift in the cybersecurity landscape.
