Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
NSO Group's spyware, Pegasus, has been involved in a software failure incident where it was used to hack into iPhones and other Apple devices. This incident is not the first time NSO Group's spyware has been linked to such activities. In the past, investigations have revealed that the spyware has been used by government clients to target journalists and human rights activists [118852].
(b) The software failure incident having happened again at multiple_organization:
The software failure incident involving the NSO Group's spyware, Pegasus, has been reported to have targeted not only individuals using Apple devices but also Al Jazeera journalists in the past. This indicates that the exploit has been used against multiple organizations or individuals, extending beyond a single incident or organization [118852]. |
Phase (Design/Operation) |
design, operation |
(a) The design-phase aspect of the software failure incident is the weakness that Citizen Lab discovered in Apple's iMessage function. The FORCEDENTRY exploit used this weakness to silently send corrupt files to a phone; the files carried GIF extensions but were Adobe PDF files containing malicious code. This vulnerability in the design of iMessage was exploited by NSO Group's spyware, Pegasus, to hack into iPhones and other Apple devices [118852].
(b) The software failure incident related to the operation phase can be seen in the misuse of NSO Group's spyware, Pegasus, which was intended to be used by licensed law enforcement agencies to target criminals and terrorists. However, investigations revealed that the spyware was misused by government clients to target journalists and human rights activists around the world, highlighting the operational misuse of the software [118852]. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case is primarily within the system. The exploit discovered by Citizen Lab, known as FORCEDENTRY, was a zero-day vulnerability that allowed the NSO Group's spyware to infect Apple devices through a weakness in Apple's iMessage function [118852]. The vulnerability was within the Apple operating system, which allowed the spyware to silently hack into iPhones and other Apple devices, collecting personal information, intercepting calls and messages, and turning the devices into remote listening devices. Apple quickly developed and deployed a patch to fix the vulnerability, indicating that the issue originated within the system itself. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case is primarily due to non-human actions, specifically the exploit known as FORCEDENTRY that was discovered by Citizen Lab. This exploit allowed NSO Group's spyware, Pegasus, to silently hack into iPhones and other Apple devices by exploiting a zero-day vulnerability in Apple's iMessage function [118852].
(b) Human actions also played a role in this software failure incident as NSO Group, the Israeli spyware company, developed and deployed the exploit to target specific individuals. Additionally, the exploit was used by government clients of NSO Group to target journalists and human rights activists, highlighting the human actions involved in the misuse of the spyware [118852]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The software failure incident reported in the articles is not directly attributed to hardware issues. Instead, it is focused on a vulnerability in Apple's iMessage function that allowed the exploit to be deployed on iPhones and other Apple devices [118852].
(b) The software failure incident related to software:
- The software failure incident is primarily attributed to a software vulnerability in Apple's iMessage function that was exploited by the NSO Group's spyware called Pegasus. This vulnerability allowed the spyware to silently hack into iPhones and other Apple devices, collecting personal information, intercepting calls and messages, and turning the devices into remote listening devices [118852]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. Security researchers at Citizen Lab discovered an exploit created by NSO Group, a spyware company, which was used by government clients to silently hack into iPhones and other Apple devices [118852]. The exploit, named FORCEDENTRY, allowed the spyware to infect a phone without the user's knowledge by exploiting a zero-day vulnerability in Apple's iMessage function [118852]. This incident involved intentional actions by NSO Group to develop and deploy spyware for unauthorized access to personal and private information on targeted devices.
(b) There is no information in the articles to suggest that the software failure incident was non-malicious. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions. NSO Group's spyware, Pegasus, was used to target journalists and human rights activists around the world, despite NSO Group claiming that the spyware is only meant to be used by licensed law enforcement agencies to target criminals and terrorists [118852]. This misuse of the spyware by NSO Group's government clients highlights poor decisions made by the company in allowing their technology to be used for unethical purposes. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence can be seen in the discovery of an exploit by security researchers at Citizen Lab that was believed to have been used by government clients of NSO Group to hack into iPhones and other Apple devices since February 2021. The exploit, named FORCEDENTRY, was attributed to NSO Group due to distinctive elements in the spyware code, indicating a technical vulnerability that allowed the spyware to infect phones. This incident highlights a failure in professional competence by NSO Group in developing spyware that could be used to target individuals, including journalists and human rights activists [118852].
(b) The software failure incident related to accidental factors can be observed in the exploitation of a zero-day vulnerability in Apple's iMessage function by the FORCEDENTRY exploit. The exploit used a weakness in iMessage to silently send corrupt files to phones; the files carried GIF extensions but were Adobe PDF files containing malicious code. This accidental exploitation of a vulnerability in a popular messaging app like iMessage underscores the importance of securing such apps to prevent successful exploitation by threat actors [118852]. |
Duration |
temporary |
The software failure incident described in the articles is temporary. The vulnerability exploited by NSO Group's spyware, known as FORCEDENTRY, was a zero-day vulnerability in Apple's iMessage function that allowed the spyware to infect a phone without the user's knowledge [118852]. This indicates that the failure was due to specific circumstances and factors introduced by the exploit, rather than being a permanent failure affecting all circumstances. |
Behaviour |
crash, omission, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The exploit discovered by Citizen Lab, known as a "zero-day" vulnerability, allowed the spyware to infect a phone without the user knowing, leading to a crash in the system's security defenses [118852].
(b) omission: The software failure incident can also be linked to omission. The exploit used a weakness in Apple's iMessage function to silently send corrupt files to a phone, omitting the system's intended function of protecting users from malicious code [118852].
(c) timing: The timing of the software failure incident is not directly related to the system performing its intended functions too late or too early. Instead, the incident revolves around the system being exploited by the spyware, indicating a crash or omission rather than a timing issue [118852].
(d) value: The software failure incident does not align with a failure due to the system performing its intended functions incorrectly. The exploit allowed the spyware to successfully infiltrate the system, indicating a crash or omission rather than a value-related failure [118852].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves inconsistent responses and interactions. The exploit in this case was successful in silently hacking into phones, indicating a crash or omission rather than a byzantine behavior [118852].
(f) other: The behavior of the software failure incident can be described as a security breach. The exploit discovered by Citizen Lab allowed the spyware to bypass Apple's security measures and gain unauthorized access to users' devices, compromising their personal and private information [118852]. |