iPhone Exploit: FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

Researchers from Citizen Lab, a non-profit academic research and development lab headquartered at the University of Toronto in Canada, recently discovered that an exploit for iMessage was being used to target Bahraini activists with the Pegasus spyware.

In addition to the Bahraini government and entities affiliated with it (such as LULU, a well-known operator of the Pegasus satellite system, and others like it who are aligned with a different government), the monitoring activities were blamed on the Bahraini military.

This iMessage vulnerability, dubbed FORCEDENTRY by Citizen Lab, has been in use since February 2021, according to the group. An entity using FORCEDENTRY to exploit the iMessage vulnerability does not need to devise social engineering tactics in order to gain access to someone’s iPhone.

Instead of waiting for their target to perform an action, which is usually clicking on a link, the attackers simply launch the exploit. The intended target does not need to click anything. The term “zero-click” refers to attacks that do not need the user to take any action.

Interrelation of FORCEDENTRY and Megalodon

The terms FORCEDENTRY and Megalodon (the label referring to iMessage exploit behavior seen by Amnesty International’s research arm, Amnesty Tech, in July 2021) are synonymous.

When FORCEDENTRY is launched at a device, it causes IMTranscoderAgent, a service that the device relies on to transcode and preview pictures in iMessage, to crash.

As reported by The Hacker News, FORCEDENTRY uses a method of circumventing Apple’s BlastDoor security mechanism, which was created to guard against attacks such as those resulting from the KISMET vulnerability. After this agent has crashed, the exploit can then download and render items, most likely pictures, from the Pegasus server.

In a study published by Citizen Lab, the researchers say that they observed the FORCEDENTRY exploit being successfully deployed against iOS versions 14.4 and 14.6.

Bahraini activists, members, and authors affiliated with Waad (a political society), Bahrain Center for Human Rights (a Bahraini NGO), and Al Wefaq (described as “Bahrain’s largest opposition political organization”) have all been targeted with FORCEDENTRY, according to reports.

The other exploit: KISMET

FORCEDENTRY is actually the second known exploit of an iMessage weakness to be used to target journalists. A zero-day vulnerability for iPhone iOS versions 13.5.1 and higher was dubbed KISMET by Citizen Lab in 2020. It was also capable of hacking the iPhone 11, which was the most recent model available at the time of the attack. iPhone devices that were available before the introduction of iOS 14 were more vulnerable and exploitable.

Not a shred of actual protection can be found!

At the time of writing, Citizen Lab researchers thought that users deactivating iMessage and FaceTime might have prevented the KISMET and FORCEDENTRY exploits from being used.

Users would still be vulnerable to malware and zero-click attacks even if these two are disabled, according to the researchers. It also implies that your once-encrypted messages might be readily intercepted by attackers if you disable iMessage.

Additionally, if an iPhone user chooses to disable iMessage and FaceTime, there are other text and video chatting applications that they may use in their stead. Signal, for example, is a free software project.
