Notorious NSO Group exploits flaw to send malicious messages and more
Old court documents were hiding a previously unknown flaw
Notorious Israeli commercial spyware company NSO Group was reportedly offering a way to exfiltrate sensitive mobile phone data unlike anything ever seen before, experts have revealed.
A new report from telecom security specialists Enea discovered the method while recently sifting through the documents filed during the court case between WhatsApp and NSO Group.
According to ENEA, in late 2019, WhatsApp submitted into evidence a copy of a contract between an NSO Group reseller and the telecom regulator of Ghana. In the contract, one of the features and capabilities NSO Group offered was called “MMS Fingerprint”.
Blocking malicious MMS messages
This feature, as it later turned out, was exploiting a vulnerability in both Android and iOS (but also in BlackBerry devices, apparently) to exfiltrate some sensitive data from the device.
After a bit of digging, ENEA managed to recreate the flaw, and then explained how it worked. Allegedly, the attacker could create a unique, malicious MMS message, which the victim didn’t even need to open (or otherwise interact with). That message would trigger the device to return two unique pieces of information: the MMS UserAgent, and the x-wap-profile.
The former is a string that usually identifies the operating system and the device of the victim, while the latter points to a UAProf (User Agent Profile), which describes the capabilities of the target device.
This information, ENEA argues, could be used to profile the victim and prepare for more concrete attacks: “Both of these can be very useful for malicious actors. Attackers could use this information to exploit specific vulnerabilities or tailor malicious payloads (such as the Pegasus exploit) to the recipient device type. Or it could be used to help craft phishing campaigns against the human using the device more effectively,” the researchers explained in the report.
While being able to steal data without victim interaction sounds ominous, the victims aren’t utterly helpless, ENEA adds. Mobile subscribers could disable MMS auto-retrieval on their handset, which would prevent the malicious messages from reaching their devices. Also, most mobile operators today filter these kinds of messages from being sent in the first place.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.