Saudi Woman’s iPhone Helps Discover NSO Spyware: Researchers Can Now Trace Uncatchable Malware


Smartphones are how we stay connected today. At the same time, they are doorways for hacking and spyware. We've heard of NSO Group, a spyware company facing legal action over allegations that its software was used to hack officials and important persons across the world. Tracing the spyware was possible because of a Saudi Arabian woman's iPhone.


Spyware has been one of the most discussed topics across the world, as it had potentially accessed details of government officials in many countries. But an unusual error in the NSO spyware on the phone of Saudi women's rights activist Loujain al-Hathloul aided in discovering the spyware, Reuters reports.

Woman Activist Helps Discover Spyware

It happened when a mysterious fake image file was accidentally left behind on her phone by Israeli spyware. With the help of security researchers, the spyware was disclosed, which ultimately set off a legal storm in all countries. Here's the timeline of what happened:

Back in February 2021, al-Hathloul was released from jail, where she had been held on charges of harming national security. She is one of Saudi Arabia's prominent activists, fighting against the ban on women drivers in the country. Once she was released from jail, she received an email from Google warning that state-backed hackers had tried to access her Gmail account.

Fearing her iPhone had also been hacked, al-Hathloul turned to Canadian privacy rights group Citizen Lab to check her phone. "Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target," the report reads.


Cracking The Code

Pegasus was one of the deadliest pieces of spyware discovered recently. Bill Marczak discovered the computer code left behind by the attack, spyware from NSO Group that had been considered uncatchable. This created a storm as Apple notified thousands of state-backed hacking victims around the world.


Zero-click malware is very difficult to detect, as it usually deletes itself once it has infected the user's device. This leaves researchers and tech companies with nothing to study and no way to determine the weapon that attacked their devices. Gathering evidence in such cases is close to impossible, researchers say.

Thanks to the software glitch on Loujain al-Hathloul's iPhone, a virtual blueprint of the attack and evidence of who had built it could be determined. Going into the details, the researchers found "the spyware worked in part by sending picture files to al-Hathloul through an invisible text message," Reuters reports.

The image then tricks the iPhone into giving access to the entire memory without needing any security codes. It can then install the spyware and steal a user's messages. "The spyware found on al-Hathloul's device contained code that showed it was communicating with servers Citizen Lab previously identified as controlled by NSO," Marczak said in the report.

The evidence was crucial for Apple to fix the vulnerability and notify thousands of other iPhone users who were targeted by the NSO spyware. Apple also sued NSO in federal court using the evidence from al-Hathloul's phone, which ultimately resulted in the blacklisting of the company.
