February 19, 2024 at 09:02AM
Enea researcher discovered a new tactic used by NSO Group to deploy Pegasus spyware on mobile devices without user interaction. The tactic, called “MMS Fingerprint,” allows obtaining device details by sending an MMS message, exploiting MMS flow to retrieve device information. The researcher concluded that this could be leveraged for targeted attacks or phishing campaigns. No evidence of exploitation in the wild has been found.
From the meeting notes, it appears that a researcher at Enea has uncovered a new tactic available for use by Israel’s NSO Group to deploy its Pegasus mobile spyware tool on targeted individuals’ mobile devices globally. The tactic, termed “MMS Fingerprint,” was discovered within a contract between an NSO Group reseller and Ghana’s telecom regulator.
The MMS Fingerprint allows an NSO customer to obtain details about a target BlackBerry, Android, or iOS device and its operating system version by sending a Multimedia Messaging Service (MMS) message to it, with no user interaction required. The research suggests that this technique likely leverages the MMS flow itself rather than specific OS vulnerabilities.
The researcher’s investigation led to the conclusion that the HTTP GET request associated with the MMS flow includes user device information, providing NSO Group with the targeted device information. It is suspected that this information could be exploited to tailor Pegasus and other malicious payloads for target devices or to craft phishing campaigns against the device users.
The researcher’s investigation did not find evidence of anyone exploiting this technique in the wild. This new discovery sheds light on the potential use of MMS Fingerprint by NSO Group to further its surveillance capabilities.