In absolute awe that NSO would send an iOS jailbreak via SMS to an already paranoid target. The target simply forwarded the URL to a friend.
-
Here's the release from @lorenzoFB which is so far the best writeup. Screenshots of the text messages and everything https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group
-
NSO used shared infrastructure to launch the attack, some of which had other domains with WHOIS info that revealed them as true owners.
-
“We’re a complete ghost” -NSO co-founder Omri Lavie
Except for domains w/ real WHOIS, sending SMS, and strings in malware, sure.
-
Apple has a unique capability to respond to these issues. They can patch and users apply it. Discovery means the technique dies immediately.
-
Scary thought: If this works via clicking a link, it also works when injected into a browser session. Use a VPN! https://github.com/trailofbits/algo
-
Reports from Citizen Lab and Lookout are both out now:
Citizen Lab: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
Lookout: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
-
As usual, neither report contains *any* detailed analysis of the exploits, only the malware payload. The skills to do so are too uncommon.
-
"This vulnerability is complex" betrays a huge amount of information about the state of exploit knowledge in public. pic.twitter.com/Bo6NUYNw0p
-
lol don't try this at home kids https://twitter.com/ncweaver/status/768863660550729728
-
Important to note: The NSO exploit chain DID NOT include a sandbox escape. This means their kernel exploits were good enough w/o one.
-
The lack of exploit analysis skill has consequences. No IOCs for pre-compromise detections. You have to wait until you get 0wned to find it.
-
People wondering why I'm not surprised: Amateurs produce iOS jailbreaks once a year (Pangu et al). Professionals won't be any less skilled.
-
People asking abt iOS10: Unlikely that existing toolkit works out of the box on 10. Even if underlying vulns still present, kit prob broken.
-
Absolutely true. 9.3.5 protects you from NSO customers, and expected copycat attacks once exploits become public. iOS10 more meaningful.
-
lol meant to subtweet Charlie on that last one. He's right. This jailbreak likely affects 10s or 100s of people. https://twitter.com/0xcharlie/status/768888565648412672
-
Hope this is already patched in the latest iOS 10 betas!
-
Major OS updates typically break the exploit technique even if the vulnerability still present. My guess: safe
-
I don’t really think that NSO is after me...
-
I've seen what you tweet. It's only a matter of time before your subversive activities catch the eyes of the authorities lol.
-
haha, fair. I am a socialist spy in America, trying to bring healthcare, sick days and work life balance, like the pinko scum I am!