Researchers expose Pegasus' methods of hacking newest iPhones: Report
Citizen Lab researchers reveal three undiscovered ways Israeli spyware Pegasus can breach Apple's new operating system.
A new report published on Tuesday by the Citizen Lab at the University of Toronto revealed several advanced and complicated hacking techniques used by Pegasus spyware, developed by the Israeli NSO Group, for attacks against Apple devices in 2022.
The Citizen Lab found that a month after iPhone's iOS 16 operating system was officially released, the Israeli firm carried out attacks against phones with the updated version.
"NSO Group’s Pegasus spyware remains a threat, and their attack techniques continue to evolve," warned the Citizen Lab researchers.
Citizen Lab researchers Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, and Ron Deibert revealed three undiscovered ways for hacking Apple's new operating system.
According to the report, these are Zero-Click exploit chains, in which hackers may break into the phones without the user clicking on a link or downloading any malware, enabling a covert, quiet infection that is undetectable.
The Citizen Lab report delves further into the techniques employed by NSO to circumvent iPhone protections.
The researchers found that PWNYOURHOME and FINDMYPWN are the first Zero-Click exploits that capitalize on various points in the software environment where an iPhone device may be prone to cyberattacks, including physical connections such as USB ports, internet connections, and other routes hackers can use to try to breach the device.
These techniques allowed the Israeli spyware to infect even the most up-to-date iPhones with the most recent versions of Apple's operating system.
The Citizen Lab researchers also pointed out that for a brief period of time, users who activated iOS 16's Lockdown Mode - an increased level of protection - encountered real-time notifications of attempted device infection.
In mid-July 2022, Apple unveiled the Lockdown Mode to block or disable some features and capabilities to prevent them from being taken advantage of by spyware.
The extreme, optional mode "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple explained.
"Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled," the Citizen Lab report confirmed, adding that "it is encouraging to see that Apple’s Lockdown Mode notified targets of in-the-wild attacks."
"While any one security measure is unlikely to blunt all targeted spyware attacks, and security is a multi-faceted problem, we believe this case highlights the value of enabling this feature for high-risk users that may be targeted because of who they are or what they do," it suggested.
It is noteworthy that Apple is suing NSO Group in a US federal court, saying the Israeli firm's spyware was used to attack iPhone users worldwide.
In 2021, the US blacklisted the firm, stating that it had sold software that had been used to "maliciously attack" government officials, journalists, businesses, activists, academics, and diplomatic personnel.