A recent report has revealed a new tactic employed by NSO Group, an Israeli spyware firm [1], known as “MMS Fingerprint,” to exploit vulnerabilities in Android, iOS [1] [2] [3], and BlackBerry devices [2].
Description
This attack targets unsuspecting users on WhatsApp [1], exposing their device information without requiring user interaction [1]. By utilizing the MMS flow, attackers can extract sensitive data by sending a malicious MMS message, disclosing the target device and OS version [1] [3]. This technique allows attackers to profile the victim and potentially carry out more targeted attacks, such as the Pegasus exploit [2] [3]. The attack was uncovered in a contract between NSO Group’s reseller and the telecom regulator of Ghana [1]. While there is no evidence of this method being used in the wild, concerns have been raised about the potential misuse of this technique, underscoring the ongoing threat to the mobile ecosystem [1].
Conclusion
The discovery of this new tactic highlights the need for increased vigilance and security measures to protect against potential cyber threats. It is crucial for users to stay informed about the latest security vulnerabilities and to take necessary precautions to safeguard their devices and personal information. Additionally, it is essential for companies and regulators to work together to address these vulnerabilities and ensure the security of the mobile ecosystem in the future.
References
[1] https://www.hackread.com/israeli-nso-group-mms-fingerprint-attack-whatsapp/
[2] https://www.techradar.com/pro/security/notorious-nso-group-exploits-flaw-to-send-malicious-messages-and-more
[3] https://www.cyberdaily.au/tech/10198-researchers-uncover-nso-group-s-novel-mms-fingerprint-hack