NSO Wins Phone Exploit Of The Year Award, No-Shows Award Ceremony
from the NSO-still-hasn't-worked-past-denial-apparently dept
There’s no better way to admit you’re a pariah than skipping out on a celebration of your specific talents. Roman Polanski has passed on attending awards ceremonies out of fear of being extradited to face criminal charges related to the drugging and raping of a 13-year-old girl. Polanski remains a (cautiously) celebrated film director and continues to find work, but will not show up to collect awards because he (correctly) fears direct criticism, if not an actual arrest.
It seems (somewhat) unfair to label Israeli malware purveyor NSO Group the “Roman Polanski” of cellphone exploits. But, unfair or not, here we are noting the similarities between the lauded director/accused child rapist and NSO Group, the latter of which has passed on attending (a much more informal) awards ceremony, presumably in hopes of generating less negative press and/or being accosted by unhappy attendees who want to know why NSO is still in business.
Here’s Lorenzo Fanceschi-Bicchierai with more details for Motherboard:
This year, NSO Group was nominated for the Best Mobile Bug, for the exploit known as Forced Entry, an iPhone exploit that didn’t require any interaction from the victim, meaning targets could get hacked without realizing anything happened. Security researchers praised the technical sophistication of the exploit, calling it “mind-bending,” a bug that “goes into ‘holy smokes, what?!’ area,” with “several truly beautiful aspects,” and “absolutely stunning.”
[…]
When one of the Pwnie Awards organizers Sophia D’Antoine announced the prize, she asked if anyone from NSO was present to pick it up, or if anyone else would pick it up on behalf of NSO. No one from the attendees came to pick up the prize.
Maybe NSO Group considers the Pwnies to be the equivalent of regional Peabody awards and felt it wasn’t worth the expense to attend. Maybe the malware purveyor figures its above this sort of performative activity. Or maybe it would prefer to return to its glory days, where it sold to a number of human rights abusers while flying under the world press radar.
Whatever the case, NSO sat this one out. It was honored by some perhaps dubious peers who appreciated its ability to build a zero-click exploit that could be deployed successfully against iPhones, the acknowledged world standard for device security.
But, despite its unwillingness to accept a minor award for its exploit greatness, NSO reps still seem to consider it an honor to have been nominated, much less given an award.
“I didn’t even know that we were nominated,” Shalev Hulio, one of the founders of NSO Group, told Motherboard in an online chat.
When Motherboard told him that the reward was a cute little pony, he said: “Ah nice :)”
Yes. Nice. But NSO is far from nice. It has made millions for years by selling its products to government entities it knows will deploy them abusively. It’s only in recent months that it has displayed a change of heart. And that change of heart seems to have been provoked solely by a much more extreme change in acceptable exploit sales parameters. NSO will still do evil when it can. But, at the moment, its options are limited. And if that means skipping out on award ceremonies while it tries to rehabilitate its image, so be it.
Filed Under: pwnies, surveillance
Companies: nso group
Comments on “NSO Wins Phone Exploit Of The Year Award, No-Shows Award Ceremony”
Come to America! Taste our institutional cuisine! Enjoy accommodations you literally cannot walk away from!
Act now, and we’ll give you an offer you cannot refuse!
What's this?
Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »
Come to America! Taste our institutional cuisine! Enjoy accommodations you literally cannot walk away from!
Act now, and we’ll give you an offer you cannot refuse!
its not just about sales to dictators
Hacking is illegal, so selling hacking software should likewise be illegal. I dont care if you say you wont sell to dictators (anymore). You shouldnt be selling it at all to anyone.
Re:
There’s something you’ve forgotten: it’s not a violation of the CFAA if the government does it. /s
Re:
At least in the US: “Hacking is illegal” in similar ways to “smashing stuff is illegal”. That is, it is extremely circumstantial (and depends on which definition of the term you are using).
Indeed, the library of congress even makes a list of “legal hacking” (for example jail breaking phones was, maybe still is, legal).
My point being: over generalizations like there are actually very unhelpful. They lead to reasoning that gives us stuff like “warrant proof encryption” (which is a term filled with nonsense that I wont dive into here).
Re: Re: again, hacking is illegal
Hacking as defined by law is “unauthorized computer access”, which this clearly falls under.
Re: Re: Re:
You clearly didn’t get the joke: smashing stuff is illegal (vandalism) unless you’re the police carrying out a search. Similarly, hacking is illegal unless you’re a government agency looking for CSAM someone doesn’t have. Q-/
This comment has been flagged by the community. Click here to show it.
cerave hydrating sunscreen spf 50
Glide the enrichment of CeraVe hydrating mineral sunscreen Spf 50 to help your skin cells fight the boiling yet harmful sun rays. CeraVe mineral sunscreen is applied to combat the damaging UVA/UVB sun rays without contributing to irritation. It is well-made with 100% mineral titanium dioxide and zinc oxide that structures a protective skin barrier on your skin to reflect the hot rays without irritating your delicate skin.
Re:
Your spam post is inaccurate in so many ways I don’t even know where to begin. I will tell you that no product consists of 100% of its active ingredient, though.
Re: Re:
i would have gone with “boiling yet harmful”, but yeah.
i do wonder sometimes how the legit product manufacturers feel about these vendors and spam.
This comment has been flagged by the community. Click here to show it.
online jewellery shop
carat9
Re:
No thanks. The only “carats” I like are tge ones you can eat.
Re: 100%?
Ohh! 😲
Cut and dyed Quartz from India!
This comment has been flagged by the community. Click here to show it.
NSO Group Ltd is a corporation that gets people killed
Your simile sucks, and the response here bears this out
Re:
If Roman Polanski did indeed drug and rape a 13-year-old girl (and the evidence he’s provided suggests he did), he could have killed her either through overdose or inflicting internal injuries. How does that make the comparison suck?
Re:
Your response bears out your response?
Good work at that, then.
Re:
lol do what now
Well then:
The fact that they exploited the iPhone is cause for…mild congratulations.
The award is well earned.
And, as usual, Apple patched it almost immediately. And then the patch was submitted to all the various BSD groups and patched out entirely in under 10 days total.
This is why, even more so than Linux, people don’t waste time attacking BSD! Including Apple software. You’ve got hours or days before the ninety-nine has upgraded and patched.
Unless your target device is in your hands, it’s generally a lost cause.
Re:
Unless your target device is in your hands, it’s generally a lost cause.
Said the Israeli spy company to no one ever.
carat9 is a online silver jewellery store in delhi
https://carat9.com/