In recent years, NSO Group made headlines amid allegations of developing espionage software intended for government use in combating criminal activity. However, the company faced scrutiny for enabling individuals and organizations to spy on rivals, opposition figures, and business associates.
Following these revelations, the US government imposed a trade ban on NSO Group’s operations across the country pending further review.
One notable incident involved a Saudi prince reportedly using NSO Group’s Pegasus software to uncover Amazon CEO Jeff Bezos’s affair with Lauren Sanchez in 2020.
Now, NSO Group is back in the spotlight with the development of a new intelligence-gathering tool known as ‘MMS Fingerprint.’
Essentially, MMS Fingerprint is another form of spyware designed to clandestinely gather intelligence from users, with or without their knowledge.
From a technical standpoint, it functions similarly to the Pegasus mobile spyware and can target devices running Android, iOS, Blackberry, or Windows operating systems.
Security analysts at cybersecurity and telecom firm ENEA have identified MMS Fingerprint as a zero-click device profiling software distributed via Multimedia Messaging Service (MMS). Unlike focusing on specific operating system vulnerabilities, this tool relies heavily on MMS traffic.
Once installed, MMS Fingerprint continually scans for vulnerabilities in mobile operating systems, transmitting gathered intelligence to command-and-control servers for tailoring Pegasus or other spyware as per the hacker’s instructions.
Cathal McDaid, a researcher at ENEA, emphasizes the importance of remaining vigilant against such online mobile threats and calls on governments to refrain from engaging with firms involved in such activities.