Posted on 12/16/2021 3:40:38 PM PST by Governor Dinwiddie
Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations.
If that makes you scratch your head, that was exactly the reaction from Google’s premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group’s Pegasus surveillance tool on iPhones.
“We assess this to be one of the most technically sophisticated exploits we've ever seen,” Google’s Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia.
Google said it received a sample of the exploit from Citizen Lab and collaborated with Cupertino’s usually secretive Security Engineering and Architecture (SEAR) group on a technical analysis that discovered a head-scratching array of technical sophistication in an exploit platform sold to governments around the world.
The researchers said the sophistication of the exploit is confirmation that hackers at the Israel-based NSO Group have technical expertise and resources to rival those previously thought to be accessible to only a handful of nation states …
(Excerpt) Read more at securityweek.com ...
Smartphones are just tiny burst mode computers that betray your privacy every day.
A very cool exploit...very impressive!
Virtualization is a powerful drug...
The only very very remotely similar thing that I've ever seen is using the "sed" utility as a general purpose programming language. Because "sed" is Turing complete, someone actually decided to use it for writing nontrivial programs. Why? I guess, "just 'cause".
But the folks who wrote this exploit wrote their own 64 bit processor using pixels in a gif image. Wow. Genius.
When will someone stop all this stuff? Someday perhaps a true hero will emerge and vanquish the tech lords. None of it does a bit of good.
“Describing the exploit as “pretty terrifying,” Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit.
“JBIG2 doesn’t have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That’s exactly what this exploit does,” the researchers explained.
“Using over 70,000 segment commands defining logical bit operations, [NSO’s hackers] define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It’s not as fast as Javascript, but it’s fundamentally computationally equivalent.”
“The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It’s pretty incredible, and at the same time, pretty terrifying,” the Google researchers added.”
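The quoted passage is the technical heart of the story, so here is an added example (my own toy model, not NSO's or Google's code) of what "circuits of arbitrary logic gates operating on arbitrary memory" means in practice. JBIG2 composes each decoded region onto the page bitmap with one of five combination operators (the T.88 "external combination operator": OR, AND, XOR, XNOR, REPLACE). In the model below every "segment command" does nothing but compose one page region onto another with such an operator; the page is a flat row of 1-bit pixels and the lane layout is my own assumption. From those commands alone it builds NOT, a full adder, a 64-bit ripple-carry adder and two comparators, which is the kind of machinery the real exploit assembled from some 70,000 segment commands. The real decoder's source for each composition is the freshly decoded region, and the unbounded refinement regions that let the exploit reach outside the page are not modelled here; only the boolean semantics are.

```python
# Toy JBIG2-style bit-composition machine (added example, not the exploit's code).
from typing import Tuple

OR, AND, XOR, XNOR, REPLACE = range(5)   # T.88 external combination operator codes

# Pixel lanes on the page (assumed layout): 64 wide each, CARRY is 65, FLAG is 1.
A, B, NOTB, OUT, TMP, CARRY, FLAG = 0, 64, 128, 192, 256, 320, 385
PAGE_WIDTH = 386


class PixelMachine:
    """A page bitmap that can only be changed by region-composition commands."""

    def __init__(self, width: int = PAGE_WIDTH) -> None:
        self.page = bytearray(width)  # one byte per pixel, holding 0 or 1
        self.commands = 0             # segment commands issued so far

    def compose(self, op: int, dst: int, src: int, n: int = 1) -> None:
        """page[dst:dst+n] = page[dst:dst+n] OP page[src:src+n]."""
        self.commands += 1
        for i in range(n):
            a, b = self.page[dst + i], self.page[src + i]
            self.page[dst + i] = {OR: a | b, AND: a & b, XOR: a ^ b,
                                  XNOR: (a ^ b) ^ 1, REPLACE: b}[op]

    def load(self, base: int, value: int, width: int = 64) -> None:
        """Attacker-supplied region data: bit i of value lands on pixel base+i."""
        for i in range(width):
            self.page[base + i] = (value >> i) & 1

    def read(self, base: int, width: int = 64) -> int:
        return sum(self.page[base + i] << i for i in range(width))


def full_adder(m: PixelMachine, a: int, b: int, cin: int,
               s: int, cout: int, t: int) -> None:
    """One-bit full adder on single pixels: eight composition commands."""
    m.compose(REPLACE, t, a)
    m.compose(XOR, t, b)          # t = a ^ b
    m.compose(REPLACE, s, t)
    m.compose(XOR, s, cin)        # s = a ^ b ^ cin
    m.compose(REPLACE, cout, a)
    m.compose(AND, cout, b)       # cout = a & b
    m.compose(AND, t, cin)        # t = (a ^ b) & cin
    m.compose(OR, cout, t)        # cout = (a & b) | ((a ^ b) & cin)


def ripple_add(m: PixelMachine, x: int, y: int, out: int, carry_in: int) -> int:
    """64-bit adder: out = x + y (mod 2**64); returns the carry out of bit 63."""
    m.page[CARRY] = carry_in      # preset carry-in pixel (decoded data, not a command)
    for i in range(64):
        full_adder(m, x + i, y + i, CARRY + i, out + i, CARRY + i + 1, TMP)
    return m.page[CARRY + 64]


def add_u64(x: int, y: int) -> Tuple[int, int, int]:
    """Returns (sum mod 2**64, carry out, number of segment commands used)."""
    m = PixelMachine()
    m.load(A, x)
    m.load(B, y)
    carry = ripple_add(m, A, B, OUT, 0)
    return m.read(OUT), carry, m.commands


def less_than_u64(x: int, y: int) -> bool:
    """Unsigned x < y: compute x + ~y + 1 and look at the carry out."""
    m = PixelMachine()
    m.load(A, x)
    m.load(B, y)
    m.compose(XNOR, NOTB, B, 64)   # NOTB lane starts all-zero, and 0 XNOR b == NOT b
    carry = ripple_add(m, A, NOTB, OUT, 1)
    return carry == 0              # no carry out of x - y means a borrow, so x < y


def equal_u64(x: int, y: int) -> bool:
    """Equality comparator: XNOR the lanes, then AND-reduce into one pixel."""
    m = PixelMachine()
    m.load(A, x)
    m.load(B, y)
    m.page[FLAG] = 1
    m.compose(REPLACE, TMP, A, 64)
    m.compose(XNOR, TMP, B, 64)    # TMP[i] == 1 exactly where the bits agree
    for i in range(64):
        m.compose(AND, FLAG, TMP + i)
    return m.page[FLAG] == 1


if __name__ == "__main__":
    print(add_u64(0xFFFFFFFFFFFFFFFF, 1), less_than_u64(3, 5), equal_u64(7, 7))
```

The adder costs 512 commands for one 64-bit addition, which is why the real thing needed tens of thousands of segments and why Google called it slower than JavaScript but computationally equivalent: with AND/OR/XOR/XNOR over memory you get NOT for free (XNOR against a zero region), and with NOT and AND you get every other gate.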
Holy crap!!! THAT took some brainpower. And lots of $$$.
they recognized their own work...
If we could just do this with GIFs of Obama, Biden, Harris, Pelosi, George Floyd........
Kind of a variation on "he who smelt it, dealt it."
But wait, he lives in Zürich, Switzerland, so I guess I'll give him a pass. But then, why is his first name Samuel?
Following the documented Pegasus attacks, Apple filed a lawsuit seeking to hold NSO Group accountable for the ongoing surveillance hacks that target iOS-powered devices.
The U.S. government has since added NSO Group to its “entity list,” a move that blocks American companies from doing business with the Israeli spyware vendor.
Please note that the US government has exempted itself from such rules, where matters of "national security" arise.
I bet that the Jan 6 committee has already bought the exploit for use against US citizens enemies of the State.
The government has access to those capabilities.
That’s why you have to open these rando files in an editor and look at the actual hex chars in there. PDF files can contain executable javascript, or you could put a picture in there - jpg or such - and have that exploit the interpreter that decodes and displays the image. Lots of ways to make things break.
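An added example of the check that comment is getting at (mine, not the commenter's or the article's): look at the bytes, not the file name. The function sniffs the real type from magic bytes, flags an extension/content mismatch such as a PDF delivered as a .gif, and for PDFs lists the object names a practitioner would want to know about before opening it, /JBIG2Decode (the filter FORCEDENTRY abused) among them. It undoes PDF `#xx` name escapes first, since `/J#42IG2Decode` is the same name as `/JBIG2Decode` to a reader, and it tolerates junk before the `%PDF-` header, as readers do. The two sample files at the bottom are constructed for the demo; the "fake GIF" is a minimal PDF skeleton, not the real exploit file.

```python
# File triage by content rather than extension (added example).
import re
from typing import List, Tuple

MAGIC = [                     # (header bytes, canonical type)
    (b"%PDF-", "pdf"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXT_ALIASES = {"jpg": "jpeg", "jpe": "jpeg"}

# PDF names worth a second look; the lookahead stops /JS from matching /JSomething.
PDF_MARKERS = [b"/JBIG2Decode", b"/JavaScript", b"/JS", b"/OpenAction",
               b"/AA", b"/Launch", b"/EmbeddedFile", b"/RichMedia"]
_MARKER_RE = re.compile(b"|".join(re.escape(m) + rb"(?![A-Za-z0-9])"
                                  for m in PDF_MARKERS))
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def sniff_type(data: bytes) -> str:
    """Type from magic bytes. Readers accept up to 1024 bytes of junk before
    %PDF-, so the PDF header is searched for rather than required at offset 0."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if b"%PDF-" in data[:1024 + 5]:
        return "pdf"
    return "unknown"


def pdf_markers(data: bytes) -> List[str]:
    """Suspicious PDF names present, after undoing #xx escapes in names."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    return sorted({m.group(0).decode() for m in _MARKER_RE.finditer(plain)})


def triage(filename: str, data: bytes) -> Tuple[str, List[str]]:
    """Returns (sniffed type, list of human-readable findings)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXT_ALIASES.get(ext, ext)
    kind = sniff_type(data)
    findings = []
    if ext and kind != "unknown" and ext != kind:
        findings.append(f"extension .{ext} but content is {kind}")
    if kind == "pdf":
        findings += [f"pdf contains {name}" for name in pdf_markers(data)]
    return kind, findings


# Constructed samples: a tiny real GIF, and a PDF skeleton whose image object
# declares the JBIG2Decode filter (with a #xx escape) but is named .gif.
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04"
            b"\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
FAKE_GIF = (b"%PDF-1.7\n"
            b"1 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1 "
            b"/Filter /J#42IG2Decode /Length 0 >> stream\nendstream endobj\n"
            b"trailer << /Root 2 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in [("cat.gif", REAL_GIF), ("cat.gif", FAKE_GIF)]:
        print(name, triage(name, blob))
```

This is triage, not detection: a hit on /JBIG2Decode says the file deserves a sandboxed look, and a clean result says nothing about a malformed stream inside a legitimately declared filter, which is exactly what the image parser sees and the file name never tells you.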
> it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory.
This would be an exercise given to 3rd year computer science students taking a machine organization or architecture class. Would be a lot of fun actually.
"Israel has been known to have some of the best of the best talent in the whole world."
Not to detract one iota from the Israelis, but everything we read in this article could simply be disinformation.
Intended to nudge a group of iPhone users in a preferred direction.
“a weapon against which there is no defense,”
“Short of not using a device, there is no way to prevent exploitation by a zero-click exploit,”
I would like to believe that somewhere we still have a functioning intelligence service?
And steganography is a thing.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.