A newly disclosed zero-click iMessage exploit could be used to install NSO Group spyware on iPhones of Catalan politicians, journalists, and activists. The discovery comes from Citizen Lab researchers, who called the zero-click flaw HOMAGE. It affects iOS versions before iOS 13.2; the latest stable version is 15.4.
HOMAGE Zero-Click iMessage Exploit
The HOMAGE flaw was used in an operation that targeted at least 65 people with the infamous Pegasus spyware, in the years between 2017 and 2020. This was not the only flaw used in this campaign: it was deployed in combination with the Kismet iMessage exploit and a WhatsApp vulnerability.
In 2019, WhatsApp patched CVE-2019-3568, which was also exploited by the NSO Group to hack Android phones around the world with Pegasus. The flaw allowed hackers to compromise devices using a form of advanced spyware developed by Israeli company NSO Group. The flaw was a buffer overflow in the WhatsApp VOIP stack, which allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
Attacks exploiting the WhatsApp flaw worked by calling either a vulnerable iPhone or an Android device via the WhatsApp calling function. The calls didn’t need to be answered, and often disappeared from logs.
According to Citizen Lab’s findings, victims of the campaign included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations, as well as family members in some cases.
To analyze the HOMAGE campaign, forensic evidence was obtained from victims who consented to participate in a research study with the Citizen Lab. Some of the victims consented to be identified by name in the report, while others chose to remain anonymous.
“The hacking covers a spectrum of civil society in Catalonia, from academics and activists to non-governmental organizations (NGOs). Catalonia’s government and elected officials were also extensively targeted, from the highest levels of Catalan government to Members of the European Parliament, legislators, and their staff and family members,” Citizen Lab noted. The researchers didn’t conclusively attribute the targeting to a specific government, but extensive circumstantial evidence points to the Spanish government.
Who is the NSO Group?
The company is the maker of Pegasus, an advanced spyware application that jailbreaks or roots infected devices, enabling the spyware to go through private messages, activate the microphone and camera, and collect sensitive information.