Google Project Zero Researchers Explain Pegasus Zero-Click iMessage Exploit

Google has explained how surveillance company NSO Group developed an exploit that would allow users of its software to gain access to an iPhone and install spyware – without a target ever even clicking a link.

Google’s Project Zero team yesterday published a technical analysis of the FORCEDENTRY exploit that was used by NSO Group to infect target iPhones with its Pegasus spyware via iMessage.

Citizen Lab discovered FORCEDENTRY on an iPhone owned by a Saudi activist in March; the organization revealed the exploit in September. Apple released patches for the underlying vulnerability, which affected iOS, watchOS, and macOS devices, 10 days after that disclosure.

Project Zero says that it analyzed FORCEDENTRY after Citizen Lab shared a sample of the exploit with assistance from Apple’s Security Engineering and Architecture (SEAR) group. It also notes that neither Citizen Lab nor SEAR necessarily agree with its “editorial opinions.”

“Based on our research and findings,” Project Zero says, “we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.”

Apple recently filed a lawsuit against NSO Group to “hold it accountable” for governments using it to spy on iOS users. Apple alleged that targets are often activists, journalists and other critics of regimes that routinely suppress political dissent.

Apple also accused NSO of “flagrant violations” of federal- and state-level laws in the US. Last month, the US Department of Commerce added NSO Group to its “entity list”, essentially banning it for use in the US.