In a groundbreaking revelation, the non-profit research organization Citizen Lab has confirmed the discovery of the ‘BlastPass’ exploit chain. This exploit chain was found to be used for delivering the notorious Pegasus spyware, which has raised serious concerns about the privacy and security of iPhone users. The most alarming aspect is that this exploit chain was capable of compromising iPhones running the latest version of iOS without any interaction from the victim.
Exploits used for delivering Pegasus Spyware
According to Citizen Lab’s findings, the ‘BlastPass’ exploit chain was specifically designed to deliver the powerful and invasive Pegasus spyware. Pegasus has long been known for its sophisticated surveillance capabilities, enabling attackers to remotely access and control targeted devices. The exploit chain identified by Citizen Lab is particularly alarming due to its ability to compromise iPhones without any action required from the targeted individual. This means that unsuspecting users could fall victim to the spyware without even realizing it.
NSO Group and commercial spyware developers
The NSO Group, the company behind Pegasus, is just one example of the commercial developers of spyware that operate in a legal gray area. These companies claim to sell their products exclusively for legitimate national security and law enforcement purposes. However, the reality is far different from their claims, as many autocratic regimes exploit these exploits and malware variants to spy on journalists, civil rights activists, dissidents, and other individuals who stand up for truth and justice.
Misuse of spyware by autocratic regimes
The discovery of the ‘BlastPass’ exploit chain and its link to the Pegasus spyware once again highlights the widespread misuse of surveillance technology by autocratic regimes. These regimes often employ spyware to suppress dissent, stifle free speech, and intimidate those who dare to challenge their authority. Journalists, civil rights activists, and dissidents become easy targets for surveillance, endangering their lives and compromising their ability to expose wrongdoing and promote accountability.
Lawsuits against the NSO Group
The grave consequences of the Pegasus spyware have not gone unnoticed, as both Apple and Meta have filed lawsuits against the NSO Group. The aim of these legal actions is to hold the company accountable for the spyware attacks perpetrated against their users. Apple and Meta have a responsibility to protect their customers’ privacy and security, and they have taken a decisive step forward by seeking justice against those responsible for the widespread surveillance and intrusion.
NSO Group’s blacklisting and Executive Order
Recognizing the dangers posed by the NSO Group and other similar entities, the Biden administration took action in 2021. The administration placed the NSO Group on an export blacklist, limiting its ability to operate freely and export its surveillance technology. This move serves as a strong message that the misuse of spyware will not be tolerated, and steps will be taken to curb its proliferation. Furthermore, in March 2023, the US President issued an executive order specifically banning government use of any commercial spyware that has been misused by foreign states. This marks a significant milestone in preventing the misuse of surveillance technology by state actors against innocent individuals.
Urgency for device updates
Given the alarming nature of the “BlastPass” exploit chain and the Pegasus spyware, it is crucial that all users, regardless of their platform, update their devices promptly. Regular updates often include security patches that address vulnerabilities, making it more difficult for attackers to exploit them. By keeping their devices up to date, users can effectively protect themselves against potential threats and enhance their privacy and security.
The discovery of the ‘BlastPass’ exploit chain by Citizen Lab and its association with the Pegasus spyware has shed light on the rampant misuse of surveillance technology. Companies like the NSO Group must be held accountable for providing autocratic regimes with tools that undermine democracy, human rights, and individual privacy. The legal actions taken by Apple and Meta, along with the blacklisting of the NSO Group and the executive order issued by the US President, indicate a collective effort to address this issue. However, the responsibility also lies with individual users to update their devices and actively protect their privacy and security. It is imperative that decisive steps be taken to ensure that the misuse of spyware is curbed, and individuals are safeguarded from unwarranted surveillance and intrusions into their personal lives.