Log inOpen app
Bill Marczak
7,789 posts
user avatar
Bill Marczak
@billmarczak
senior researcher @citizenlab, phd @UCBerkeley, co-founder @BHWatch. كلنا راجعين
Berkeley, CA
billmarczak.org
Joined January 2010
359
Following
12.8K
Followers
user avatar
@billmarczak

See Bill Marczak’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    THREAD with a couple of interesting bits from @AmnestyTech's new report on what they learned from looking for NSO Group's spyware on phones
    Forensic Methodology Report: How to catch NSO Group’s Pegasus
    From amnesty.org
    16
    827
    1.5K
  • user avatar
    Bill Marczak
    @billmarczak
    Sep 13, 2021
    Stop and UPDATE your iPhones to iOS 14.8 NOW!!! We @citizenlab recovered NSO Group's FORCEDENTRY zero-click exploit (CVE-2021-30860) from the phone of a Saudi activist, and shared w/ Apple, who released iOS 14.8 today with a fix.
    FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab
    From citizenlab.ca
    22
    791
    1.2K
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    Replying to @billmarczak and @AmnestyTech
    (1) @AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.
    29
    610
    1.1K
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    Replying to @billmarczak
    It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving.
    14
    221
    750
  • user avatar
    Bill Marczak
    @billmarczak
    Oct 26, 2023
    NEW: Kaspersky releases full details on how they captured the “Triangulation” (suspected US Government) exploits and iPhone spyware targeting their employees. securelist.com/operation-tria…
    4
    160
    482
    83K
  • user avatar
    Bill Marczak
    @billmarczak
    Sep 29, 2022
    NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets reuters.com/investigates/s…
    6
    187
    363
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    Replying to @billmarczak
    Phone logs show that (at least some of) the iOS 13.x and 14.x zero-click exploits deployed by NSO Group involved ImageIO, specifically the parsing JPEG and GIF images. ImageIO has had more than a dozen high-severity bugs reported against it in 2021.
    2
    80
    333
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    Replying to @billmarczak
    BlastDoor is a great step, to be sure, but it's pretty lame to just slap sandboxing on iMessage and hope for the best. How about: "don't automatically run extremely complex and buggy parsing on data that strangers push to your phone?!"
    6
    38
    324
  • user avatar
    Bill Marczak
    @billmarczak
    Oct 2, 2018
    Here are some instructions we released (in Arabic and English) on how to check if your phone was targeted by KINGDOM, the Saudi-linked operator of NSO Group's Pegasus spyware.
    15
    179
    298
  • user avatar
    Bill Marczak
    @billmarczak
    Jun 21, 2023
    Wow... Kaspersky apparently managed to obtain an iOS kernel exploit from the #Triangulation attack! Just patched as CVE-2023-32434 in iOS 16.5.1. That's pretty much "as good as it gets" in terms of capturing an exploit chain.
    support.apple.com
    About the security content of iOS 16.5.1 and iPadOS 16.5.1 - Apple Support
    This document describes the security content of iOS 16.5.1 and iPadOS 16.5.1.
    3
    83
    343
    66K
  • user avatar
    Bill Marczak
    @billmarczak
    Oct 24, 2021
    New @citizenlab report "BREAKING THE NEWS", in which we show how New York Times journalist Ben Hubbard was hacked with Pegasus twice (July 2020 and June 2021), both after he complained to NSO about previous hacking attempts against him
    Breaking the News: New York Times Journalist Ben Hubbard Hacked with Pegasus After Reporting on...
    From citizenlab.ca
    9
    139
    307
  • user avatar
    Bill Marczak
    @billmarczak
    May 7, 2020
    Wow! NSO seemingly failed to password-protect their server hosting oodles of location-tracking data from their pandemic-fighting (read: mass surveillance) Fleming system. Exactly the kind of breach you don’t want when your core business is secrecy...
    techcrunch.com
    A passwordless server run by spyware maker NSO sparks contact-tracing privacy concerns
    Experts say centralized databases of citizens' location data pose a security and privacy risk.
    7
    157
    292
  • user avatar
    Bill Marczak
    @billmarczak
    Jul 18, 2021
    Replying to @billmarczak
    Because the 0-clicks they're using appear to be quite reliable, the lack of traditional "persistence" is a feature, not a drawback of the spyware. It makes the spyware more nimble, and prevents recovery of the "good stuff" (i.e., the spyware and exploits) from forensic analysis
    3
    51
    255
  • user avatar
    Bill Marczak
    @billmarczak
    Aug 23, 2020
    Wow... The UAE and Saudi governments have gotten so much data from hacking phones with NSO’s Pegasus spyware that they don’t know what to do with it all. So, NSO has hired Israeli military veterans to help them. Blockbuster report from @Haaretz. haaretz.com/israel-news/.p…
    4
    144
    254