Attention: With a gif they have the management of your mobile phone

How dangerous can malware become? Can someone through our mobile phone take control of our car? The President of CSIi Mr. Manolis Sfakianakis answers us.

Israeli security software vendor (NSO Group) is accused of “hacking” Apple’s iMessage.

NSO Group used “teased” GIFs, according to Google’s Project Zero security researchers, and in doing so managed to take control of the mobile device remotely. Victims didn’t even have to open the links in the iMessages for their devices to be compromised. They just had to get the malicious messages that were trapped with the NSO Group software.

Once the user received the message, iMessage, accepted and analyzed without asking you any image file with the extension “.gif”. In this way, the malware infiltrated the mobile and enabled remote management.

NSO Group discovered that it was possible to send fake GIF files, exposing over hundreds of thousands of lines of code in over 20 different image files. So, in this way he managed to take control of the devices.

NSO Group’s app, ‘FORCEDENTRY’, was discovered by the University of Toronto’s Citizen Lab, which discovered its traces on the devices of journalists and activists and shared it with Project Zero and Apple’s Security Engineering and Architecture researchers.

Researchers Ian Beer and Samuel Grob of Google Project Zero, who analyzed the FORCEDENTRY malware, rated it as the most “technically sophisticated piece of software they’ve seen so far.”

According to foreign press reports, after the security vulnerability was discovered, Apple made the decoding of GIFs take place entirely in the mobile operating system’s “sandbox” (an antechamber) which… clears the data in iOS 15.0 released on September 2022. Apple and Facebook have taken legal action against NSO Group over the alleged hacks.

See also  The design concept of the Unorthodox Warship AGENOR

How dangerous is it for us? How can we protect ourselves?

We asked the President of the International Cyber ​​Security Institute CSIi, Manolis Sfakianakis, who told “This is a dangerous piece of software, which if in the wrong hands can do harm. Android and iOS companies need to work closely together to eradicate this and protect their users if they haven’t already.”

Said Mr. Sfakianakis and added: “With this software if they target you they can even take control of a car, which is connected to an Android and iOS device. They can figure it out or stop it remotely. It’s something scary and dangerous.”

Related Posts