Published on February 19, 2024, 4:14 pm

Title: Uncovering Advanced Spyware Tactics: The Risks And Solutions To Combat Data Theft

The discovery of a new method by the NSO Group, a well-known Israeli commercial spyware company, has raised concerns among experts. A recent report by Enea, a telecom security specialist, unveiled this revelation while examining documents revealed during the court case involving WhatsApp and NSO Group. The report highlights that in late 2019, WhatsApp presented a contract between an NSO Group reseller and the telecom regulator of Ghana, showcasing a feature named “MMS Fingerprint.”

This feature was found to exploit vulnerabilities in Android, iOS, and even BlackBerry devices to extract sensitive data from the target device. Enea managed to replicate this flaw and outlined how it functioned. Essentially, an attacker could send a unique malicious MMS message that would prompt the device to disclose two distinctive pieces of information: the MMS UserAgent and x-wap-profile.

The MMS UserAgent typically identifies the operating system and device of the victim, while the x-wap-profile describes the capabilities of the targeted device. According to Enea’s analysis, this information could be utilized to profile victims for subsequent attacks or tailor exploits like Pegasus specifically for their devices. It could also aid in crafting more effective phishing campaigns against users.

While the idea of data theft without user interaction is concerning, Enea suggests preventive measures are available. Mobile subscribers can disable MMS auto-retrieval on their devices to block such malicious messages. Additionally, many mobile operators have filters in place to prevent these types of messages from being delivered.

Overall, this discovery sheds light on potential security risks posed by advanced spyware methods like those employed by NSO Group and underscores the importance of staying vigilant against evolving cybersecurity threats.


Comments are closed.