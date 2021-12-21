Google’s Project Zero researchers discovered a zero-click exploit used to hack devices with Apple’s iOS operating system., which they have described as something incredible and terrifying.

“It’s one of the most technically sophisticated exploits we’ve ever seen, and that is at the level of attacks of the spies of the most advanced nation-states “, say the experts of Project Zero, a team created by Google in 2014, with the aim of improving internet security.

Said exploit, called ForcedEntry, it was developed by the Israeli hacker group NSO Group, the same one behind the controversial Pegasus spyware and the development of code capable of installing spyware in applications such as WhatsApp.

The original NSO exploit required the user to click a link, but the latest and most sophisticated exploits do not require any clicks, which is why it is known as a zero-click exploit.

To attack, ForcedEntry takes advantage of the way iMessage interprets certain files, such as GIFs, and manages to open a malicious PDF, without requiring any intervention by the user. For this, it makes use of the code of an old compression tool from the 90’s, which was used to process text in scanner images.

Once inside a device, the malware can configure its own virtualized environment and execute JavaScript-like code, without the need to connect to an external server. From there, gives the attacker access to the passwords, microphone, audio and more of the victim’s device.

The exploit is extremely difficult to detect and is “a weapon against which there is no defense”, Project Zero researchers said.

Apple recently filed a lawsuit against the group to “hold it accountable” for governments that use it to spy on iOS users. Apple claimed that targets are often activists, journalists, and other critics of regimes that routinely crack down on political dissent.

Apple also accused NSO of “flagrant violations” of US federal and state laws, while last month the US Department of Commerce added the NSO Group to a kind of blacklist, thereby prohibits its use in that country.