NSO Wins Phone Exploit Of The Year Award, No-Shows Award Ceremony
from the NSO-still-hasn't-worked-past-denial-apparently dept
There’s no better way to admit you’re a pariah than skipping out on a celebration of your specific talents. Roman Polanski has passed on attending awards ceremonies out of fear of being extradited to face criminal charges related to the drugging and raping of a 13-year-old girl. Polanski remains a (cautiously) celebrated film director and continues to find work, but will not show up to collect awards because he (correctly) fears direct criticism, if not an actual arrest.
It seems (somewhat) unfair to label Israeli malware purveyor NSO Group the “Roman Polanski” of cellphone exploits. But, unfair or not, here we are noting the similarities between the lauded director/accused child rapist and NSO Group, the latter of which has passed on attending (a much more informal) awards ceremony, presumably in hopes of generating less negative press and/or being accosted by unhappy attendees who want to know why NSO is still in business.
This year, NSO Group was nominated for the Best Mobile Bug, for the exploit known as Forced Entry, an iPhone exploit that didn’t require any interaction from the victim, meaning targets could get hacked without realizing anything happened. Security researchers praised the technical sophistication of the exploit, calling it “mind-bending,” a bug that “goes into ‘holy smokes, what?!’ area,” with “several truly beautiful aspects,” and “absolutely stunning.”
When one of the Pwnie Awards organizers Sophia D’Antoine announced the prize, she asked if anyone from NSO was present to pick it up, or if anyone else would pick it up on behalf of NSO. No one from the attendees came to pick up the prize.
Maybe NSO Group considers the Pwnies to be the equivalent of regional Peabody awards and felt it wasn’t worth the expense to attend. Maybe the malware purveyor figures it’s above this sort of performative activity. Or maybe it would prefer to return to its glory days, where it sold to a number of human rights abusers while flying under the world press radar.
Whatever the case, NSO sat this one out. It was honored by some perhaps dubious peers who appreciated its ability to build a zero-click exploit that could be deployed successfully against iPhones, the acknowledged world standard for device security.
But, despite its unwillingness to accept a minor award for its exploit greatness, NSO reps still seem to consider it an honor to have been nominated, much less given an award.
“I didn’t even know that we were nominated,” Shalev Hulio, one of the founders of NSO Group, told Motherboard in an online chat.
When Motherboard told him that the reward was a cute little pony, he said: “Ah nice :)”
Yes. Nice. But NSO is far from nice. It has made millions for years by selling its products to government entities it knows will deploy them abusively. It’s only in recent months that it has displayed a change of heart. And that change of heart seems to have been provoked solely by a much more extreme change in acceptable exploit sales parameters. NSO will still do evil when it can. But, at the moment, its options are limited. And if that means skipping out on award ceremonies while it tries to rehabilitate its image, so be it.