| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the NSO Group's spyware products, particularly the alleged hacking tool "Kismet" and the software "Pegasus", has been reported to have occurred again within the same organization. Citizen Lab researchers discovered the alleged hacking tool, Kismet, being used by NSO clients against journalists in the Middle East [108792]. This indicates a recurrence of the software failure incident within the NSO Group's products and services.
(b) The software failure incident involving the NSO Group's spyware products, specifically the alleged hacking tool "Kismet", has also been suggested to have affected a broader range of individuals beyond the initial reported cases. Citizen Lab mentioned that given the global reach of NSO Group's customer base and the vulnerability of almost all iPhone devices prior to the iOS 14 update, the observed infections were likely a small fraction of the total attacks using this exploit [108792]. This implies that similar incidents may have occurred at other organizations or with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the development and exploitation of the alleged hacking tool "Kismet" by NSO Group. The tool was designed to exploit a zero-day vulnerability in iMessage to seize control of iPhones without any user interaction, leaving no visible trace. This design flaw allowed for the installation of spyware on target phones without the need for the victim to click on anything, making it a significant security risk [108792].
(b) The software failure incident related to the operation phase is evident in the misuse of the Pegasus spyware, another software sold by NSO Group. The spyware had the capability to track location, access passwords, record audio, and take pictures via the phone's camera. This misuse of the software by NSO Group's clients against journalists highlights the operational failure in using such powerful surveillance tools against individuals, potentially violating privacy and security [108792]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident related to the NSO Group's spyware and hacking tools, such as Kismet and Pegasus, can be categorized as within_system failure. The tools were allegedly armed with a zero-day exploit that used a vulnerability in iMessage to seize control of iPhones at the push of a button [108792]. This exploit allowed for tracking locations, accessing passwords, recording audio, and taking pictures via the phone's camera. The failure originated from within the system as the tools were designed and sold by the NSO Group for surveillance purposes.
(b) The software failure incident can also be categorized as outside_system failure as the exploit targeted vulnerabilities within the iOS operating system on iPhones. The exploit was able to bypass the security of iPhones, even those running the latest version of iOS at the time [108792]. This highlights how external factors, such as vulnerabilities in the iOS system, contributed to the success of the attack. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles is primarily related to non-human_actions, specifically a zero-click, zero-day exploit named "Kismet" that used a vulnerability in iMessage to seize control of iPhones without the need for any user interaction [108792].
(b) However, human_actions are also involved as the spyware tool "Kismet" and the software "Pegasus" were developed and sold by the NSO Group for surveillance purposes, indicating human involvement in creating and deploying these tools [108792]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The software failure incident reported in the article is not directly attributed to hardware issues. Instead, it is focused on the exploitation of a zero-day vulnerability in iMessage to seize control of iPhones [108792].
(b) The software failure incident related to software:
- The software failure incident reported in the article is primarily due to contributing factors that originate in software. The incident involves the alleged use of spyware developed by the NSO Group, particularly the software tools "Kismet" and "Pegasus," to exploit vulnerabilities in iOS devices, enabling extensive surveillance capabilities [108792]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. The failure was caused by the use of a zero-footprint, zero-click, zero-day exploit named "Kismet" by the NSO Group to target iPhones through a vulnerability in iMessage. This exploit allowed the NSO Group to seize control of iPhones without the users' interaction, enabling them to track locations, access passwords, record audio, and take pictures without the users' knowledge [108792]. The NSO Group's actions were aimed at conducting surveillance on specific individuals, indicating a malicious intent to harm the system. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the NSO Group's spyware and hacking tools, such as Kismet and Pegasus, was a result of poor decisions made by the NSO Group to develop and sell powerful surveillance tools that could be used for malicious purposes [108792].
- The NSO Group's products were allegedly used by nation states to target specific individuals, including journalists, by exploiting vulnerabilities in iOS devices [108792].
- The decision to create and sell software with capabilities to track location, access passwords, record audio, and take pictures without user consent reflects a poor ethical decision by the NSO Group [108792].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident was not accidental but rather a deliberate action by the NSO Group to develop and sell sophisticated spyware tools for surveillance purposes [108792].
- The use of zero-click, zero-day exploits to target iPhones and compromise user data was a calculated decision by the NSO Group, indicating that the incident was not accidental [108792]. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as it discusses the alleged hacking tool "Kismet" developed by the NSO Group. The tool was described as a zero-footprint, zero-click, zero-day exploit that targeted iPhones through a vulnerability in iMessage. This sophisticated exploit allowed for complete control of the iPhone without the victim needing to click on anything, even on the latest iOS version. The capabilities of the spyware included tracking location, accessing passwords, recording audio, and taking pictures via the phone's camera [108792].
(b) The accidental aspect of the software failure incident is not explicitly mentioned in the provided article. |
| Duration |
temporary |
The software failure incident described in the articles can be categorized as a temporary failure. This is evident from the fact that the exploit known as "Kismet" was actively used by NSO Group clients against journalists for a period of time, with the first alleged attacks using Kismet reported in the summer, and logs from compromised phones suggesting similar techniques were used as far back as October 2019 [108792]. Additionally, Apple mentioned that the attack described in the research was highly targeted by nation states against specific individuals, indicating a specific and limited scope of the incident [108792]. |
| Behaviour |
value, other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The software failure incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s).
(c) timing: The software failure incident does not involve a failure due to the system performing its intended functions correctly, but too late or too early.
(d) value: The software failure incident involves a failure due to the system performing its intended functions incorrectly. The NSO Group's spyware, particularly the Pegasus software, was used to track location, access passwords, record audio, and take pictures on iPhones without the users' consent [108792].
(e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions.
(f) other: The software failure incident involves a sophisticated exploit known as "Kismet" that allowed for a zero-footprint, zero-click, zero-day exploit to take control of iPhones through a vulnerability in iMessage. This behavior is not explicitly covered in the options provided [108792]. |