[HN Gopher] iOS 14.6 device hacked with a zero-click iMessage ex...
___________________________________________________________________
iOS 14.6 device hacked with a zero-click iMessage exploit to
install Pegasus
Author : amrrs
Score : 180 points
Date : 2021-07-18 19:43 UTC (3 hours ago)
| Exuma wrote:
| This seems bad
| rubatuga wrote:
| anybody notice a lot of crashes in their iOS device lately?
| inter_netuser wrote:
| How often does yours crash?
| rubatuga wrote:
| There was a period from about 3 weeks to one week ago where I
| had crashes almost every day from Safari, Snapchat, and a few
| other apps. Maybe 1-3 times a day?
| toxik wrote:
| Definitely not normal, something eating lots of memory? Bug
| in some iCloud sync bs? If you're really keen on finding
| out what's going on, you can look at the system logs
| through xcode.
| konart wrote:
| Nope. Not a single one since I've got my 11.
| eknkc wrote:
| Not really. Used to have more occasional crashes but my iPhone
| 12 crashed only once since I got it at launch.
| doggodaddo78 wrote:
| Nope. Haven't had a crash in months. iPhone SE 2020.
| Google234 wrote:
| Could be that your battery has deteriorated too much
| LoveLeadAcid wrote:
| Seems safe to assume that everybody's been infected by this
| point, eh?
| viraptor wrote:
| No. More infections = more noise. If you want to target
| specific people for a long time, you want to make as little
| noise as possible. This includes unexpected traffic, file
| artefacts, background energy use, etc.
|
| Although now that the cat is out of the bag, I'm sure some
| groups are working to reproduce it for mass-infection.
| Especially since this looks wormable.
| LoveLeadAcid wrote:
| I disagree, the NSA has shown us all that sucking in all data
| and worrying about sorting it later is the way to go.
|
| EDIT: yikes, I've upset the Unit 8200 agents.
| viraptor wrote:
| This is a different context, different targeted group,
| different use case, than what we've seen with global NSA
| monitoring. You're comparing apples to oranges.
| meowface wrote:
| Passively collecting data on the wire is different from
| actively exploiting a device to execute malware. Any entity
| trying to work with intelligence agencies is definitely
| going to be careful and somewhat sparing with their use of
| an "S-tier" zero-day like this. (Unless they have reason to
| believe it's already likely been burned, in which case they
| might decide to hastily machine gun it while it's still
| viable.)
| alfalfasprout wrote:
| With extremely valuable zero-days like this targeting is
| the way to go b/c you don't want the zero-day discovered by
| putting it out extensively in the wild. Obviously it's
| always a question of time anyways.
| mhh__ wrote:
| They are able to drink from the firehose, though. This is
| an exploit on a device rather than a nation's
| infrastructure.
|
| That being said Stuxnet had done its business before it
| went public.
| zarzavat wrote:
| How are image parsing exploits still a thing in 2021? Can Apple
| not use Rust? I struggle to understand why Apple is still relying
| on C/C++ in such a well known security hotspot.
| DanAtC wrote:
| How long until the articles telling users to disable iMessage?
| timmytokyo wrote:
| I would hope Apple could do something quick and easy in
| response to this. From the original thread:
| BlastDoor is a great step, to be sure, but it's pretty lame to
| just slap sandboxing on iMessage and hope for the best. How
| about: "don't automatically run extremely complex and buggy
| parsing on data that strangers push to your phone?!"
| techrat wrote:
| Really goes to show Apple's approach to security, "feebly
| containerize something after it's already been severely
| exploited."
| Dah00n wrote:
| > _" as @AmnestyTech observed and we @citizenlab can confirm, NSO
| Group's Pegasus spyware delivered via 0-click exploits is no
| longer "persistent" in the strict sense of the word (i.e.,
| doesn't come back when you reboot). Persistence is achieved via
| firing the 0-click again. Because the 0-clicks they're using
| appear to be quite reliable, the lack of traditional
| "persistence" is a feature, not a drawback of the spyware. It
| makes the spyware more nimble, and prevents recovery of the "good
| stuff" (i.e., the spyware and exploits) from forensic analysis."_
|
| Oh that's bad.
| arkadiyt wrote:
| On the plus side, having persistence means attackers retain
| access through iOS updates. Their "persist-less" exploits will
| eventually be patched by Apple, at which point anyone who
| applies the update has a clean device.
| ec109685 wrote:
| On the server, we have firecracker and gvisor to provide and
| extra layer of defense by not allowing userspace to directly
| access the kernel.
|
| Will that be the future on client devices as well given kernels
| are just too complex to secure perfectly?
| arkadiyt wrote:
| As the tweet author notes, starting with iOS 14 Apple has moved
| iMessage parsing into a sandboxed "blastdoor" process - I'm
| surprised it was ineffective in stopping this exploit chain.
| tester756 wrote:
| Why are there so many parsing-related exploits?
| amelius wrote:
| My guess: because most parsing uses the stack a lot, and
| the parsed language often allows arbitrary length inputs,
| both of which are connected to overflow problems, which in
| turn can often be exploited.
| wyager wrote:
| Because people implement parsers in languages that don't
| allow direct expression of grammars (e.g. C). To safely
| implement parsers you must choose either algebraic
| datatypes or continuation passing, and a lot of programmers
| choose neither. CPS is annoying in most languages. ADTs are
| the obvious choice but somehow in 2021 most people are
| using languages that don't have them. If you write a parser
| in Haskell, for example, you'd have to mess up pretty badly
| and write totally non-idiomatic code to write a parser that
| crashes at all, let alone crashes in a way that compromises
| memory safety.
| tester756 wrote:
| >ADTs are the obvious choice but somehow in 2021 most
| people are using languages that don't have them.
|
| Isn't inheritance to create a hierarchy enough? Why?
| Node
|   SubNode1
|     SubNode1.1
|   SubNode2
|     SubNode2.1
| wyager wrote:
| Using inheritance in this way is a hack to emulate some
| of the functionality of ADTs. Grammars are perhaps one of
| the most poignant examples where the various constructors
| in your type might have no behaviors in common, so
| adherence to a shared interface is nothing but a vague
| indication that these types are somehow related. Sealed
| classes let you recover a little bit more of the
| functionality.
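As an added illustration of the ADT argument in the two comments above (example code, not written by anyone in this thread and not Apple's or NSO's code), here is a parser for a small, constructed image-like chunk format in Rust: every record kind and every failure is a variant of an enum, so a hostile length field turns into an `Err` value the caller must handle rather than an out-of-bounds read. The tag values, record layout and sample bytes are all made up for this example.

```rust
// Constructed record layout for this example: tag:u8, len:u16 big-endian, body.
#[derive(Debug, PartialEq)]
pub enum Chunk {
    Dimensions { width: u16, height: u16 }, // tag 0x01, body is exactly 4 bytes
    Pixels(Vec<u8>),                        // tag 0x02, arbitrary-length body
    Unknown { tag: u8, body: Vec<u8> },     // anything else is kept, not guessed at
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { offset: usize },   // header or body runs past the end of input
    BadDimensions { len: usize },  // tag 0x01 with a body that is not 4 bytes
}

/// Parse a byte buffer into chunks. Every slice access goes through `get`,
/// which yields `None` instead of reading past the buffer, and the `?`
/// operator turns that into a `ParseError` the caller must match on.
pub fn parse(input: &[u8]) -> Result<Vec<Chunk>, ParseError> {
    let mut chunks = Vec::new();
    let mut pos = 0;
    while pos < input.len() {
        let hdr = input.get(pos..pos + 3).ok_or(ParseError::Truncated { offset: pos })?;
        let tag = hdr[0];
        let len = u16::from_be_bytes([hdr[1], hdr[2]]) as usize;
        let start = pos + 3;
        // A length larger than the remaining input is an error, never a wild read.
        let body = input.get(start..start + len).ok_or(ParseError::Truncated { offset: start })?;
        chunks.push(match tag {
            0x01 => {
                if body.len() != 4 {
                    return Err(ParseError::BadDimensions { len });
                }
                Chunk::Dimensions {
                    width: u16::from_be_bytes([body[0], body[1]]),
                    height: u16::from_be_bytes([body[2], body[3]]),
                }
            }
            0x02 => Chunk::Pixels(body.to_vec()),
            t => Chunk::Unknown { tag: t, body: body.to_vec() },
        });
        pos = start + len;
    }
    Ok(chunks)
}

fn main() {
    // Constructed sample: 16x8 dimensions chunk followed by two pixel bytes.
    let good = [0x01, 0x00, 0x04, 0x00, 0x10, 0x00, 0x08, 0x02, 0x00, 0x02, 0xAA, 0xBB];
    println!("{:?}", parse(&good));
    // Constructed hostile input: claims a 65535-byte body with one byte present.
    println!("{:?}", parse(&[0x02, 0xFF, 0xFF, 0x00]));
}
```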
| SheinhardtWigCo wrote:
| The future is memory safety, but to get there, they would need
| to rewrite and audit millions of lines of code. Targeted
| attacks against VIP users don't cause significant PR damage, so
| why go to all that effort?
| [deleted]
| collaborative wrote:
| I've been hearing of Pegasus for a good 3 years now. Is it so
| hard to patch devices to close whatever means it uses to hack
| them?
|
| Or is there also a Pegasus V2, V3, etc that plays catchup with
| OS's security patches?
| meibo wrote:
| It's the name of an iOS malware/RAT by NSO, an Israeli company
| that likes to sell their software to governments offering
| varying degrees of personal freedom around the world.
|
| It's been around with zero-click exploits for years, and
| apparently even now, after their big iMessage "security"
| rewrite with iOS 14. Very likely that they have other
| entrypoints as well though.
| stefan_ wrote:
| Just so no one is confused: as the Facebook lawsuit
| confirmed, NSO is running the C&C servers for their clients.
| They are not selling some software, "do what you want".
|
| It is NSO running these operations. They are directly
| implicated in whatever their malware ends up doing.
| drexlspivey wrote:
| Pegasus was also used by Saudi Arabia to hack Jeff Bezos'
| phone and it was MBS (the crown prince) himself that sent the
| iMessage to him.
| mandeepj wrote:
| It was a WhatsApp missed call
| eyeball wrote:
| How would one tell if they'd been hit with this?
| [deleted]
___________________________________________________________________
(page generated 2021-07-18 23:00 UTC)