Google Project Zero Yayi Zurfi akan KARFIN FARKO wanda Kungiyar NSO ke Amfani dashi

Kungiyar Google Project Zero ta buga wani fasaha bincike na FORCEDENTRY amfani da ƙungiyar NSO ta yi amfani da ita don cutar da iPhones masu niyya tare da kayan leƙen asiri na Pegasus ta iMessage.

Citizen Lab ya gano FORCEDENTRY akan wayar iPhone mallakar wani dan gwagwarmayar Saudiyya a watan Maris; kungiyar saukar da amfani a watan Satumba. Apple ya fitar da faci don raunin raunin da ya shafi iOS, watchOS, da na'urorin macOS, kwanaki 10 bayan wannan bayanin.

Project Zero ya ce ya nazarci KARYA bayan Citizen Lab ya raba samfurin cin gajiyar tare da taimako daga rukunin Injiniya da Gine-gine na Apple (SEAR). (Har ila yau, ya lura cewa ba Lab Citizen ko SEAR ba dole ne ya yarda da "ra'ayoyin edita.")

"Bisa bincikenmu da bincikenmu," Project Zero ya ce, "muna tantance wannan ya zama ɗaya daga cikin mafi kyawun fa'ida da muka taɓa gani, yana ƙara nuna cewa ƙarfin NSO yana ba da abokan hamayyar waɗanda a baya tunanin za su iya isa ga kaɗan kawai. na jihohin kasar."

Sakamakon rushewar ya ƙunshi komai daga ginanniyar tallafi na iMessage don GIFs-wanda Project Zero da taimako ya bayyana a matsayin “mafi yawan Hotunan raye-raye ƙanana da ƙanana waɗanda suka shahara a cikin al'adun meme”—zuwa fassarar PDF wanda ke goyan bayan ɗan ƙaramin hoto na JBIG2.

Menene alaƙar GIF, PDFs, da JBIG2 tare da lalata wayar ta iMessage? Project Zero yayi bayanin cewa Ƙungiyar NSO ta sami hanyar amfani da JBIG2 don cimma abubuwa masu zuwa:

“JBIG2 ba shi da ikon yin rubutu, amma idan aka haɗa shi da rauni, yana da ikon yin koyi da da’irori na ƙofofin dabaru na sabani da ke aiki akan ƙwaƙwalwar ajiya ta sabani. Don haka me yasa ba za ku yi amfani da wannan kawai don gina gine-ginen kwamfuta da rubutun ku ba!? Wannan shine ainihin abin da wannan cin zarafi yake yi. Yin amfani da umarni sama da 70,000 da ke bayyana ayyukan bit na ma'ana, suna ayyana ƙaramin gine-ginen kwamfuta tare da fasali kamar rajista da cikakken ƙarar 64-bit da kwatancen waɗanda suke amfani da su don bincika ƙwaƙwalwar ajiya da aiwatar da ayyukan lissafi. Ba shi da sauri kamar Javascript, amma yana daidai da ƙididdiga. "

Duk wannan shine a ce ƙungiyar NSO ta yi amfani da codec na hoto wanda aka yi don matsawa baƙar fata-da-fari PDFs don haka zai iya samun wani abu "ainihin lissafin daidai" zuwa yaren shirye-shirye wanda ke ba da damar yanar gizo. apps don aiki uwa da manufa ta iPhone.

"Ayyukan bootstrapping don amfani da akwatin tserewa na sandbox an rubuta su don gudana akan wannan da'irar dabaru kuma duk abin yana gudana a cikin wannan yanayi mai ban mamaki, wanda aka kwaikwayi daga ratsawa guda ɗaya ta hanyar JBIG2," in ji Project Zero. "Yana da kyawawan abin ban mamaki, kuma a lokaci guda, kyakkyawa mai ban tsoro."

Labari mai dadi: Apple ya daidaita FORCEDENTRY tare da sakin iOS 14.8 kuma ya haɗa da ƙarin canje-canje a cikin iOS 15 don hana irin wannan harin. Labari mara kyau: Project Zero yana watse binciken fasahar sa zuwa shafukan yanar gizo guda biyu, kuma ya ce na biyun bai gama ba tukuna.

Amma ko da rabin binciken yana taimakawa wajen kawar da cin zarafi da ya haifar da kokewar jama'a, Ma'aikatar Ciniki ta Amurka ta sanya NSO Group cikin jerin sunayen mahalli, da kuma karar Apple a kan kamfanin. Kungiyar NSO ta kirkiro Pegasus; yanzu Project Zero yana bayyana yadda ya koyi tashi.