Citizen Lab Finds Three New Exploit Chains Used by NSO Group

Citizen Lab found three new ways in which NSO Group is able to get its Pegasus spyware onto devices running iOS 15 and iOS 16. That is the bad news. The good news is that Lockdown Mode, introduced with iOS 16, appears to prevent those exploit chains from working:

“Apple’s Lockdown Mode feature makes signs of an attempted PWNYOURHOME attack visible to the phone’s user by displaying notifications (Figure 4). We have seen no recent notifications on Lockdown Mode, nor have we seen any evidence of successful PWNYOURHOME compromise on Lockdown Mode. Given that we have seen no indications that NSO has stopped deploying PWNYOURHOME, this suggests that NSO may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode.”

Lockdown Mode adds many restrictions that would make a device much more cumbersome for regular users. But for high-risk users and likely targets, it should be considered essential.