36 Al Jazeera journalists hacked via Zero-Click iPhone Exploit

Photo: Alex Cranz / Gizmodo

It appears that 36 Al Jazeera journalists have had their personal iPhones hacked using spyware created by NSO Group, a sketchy Israeli security company. The terrifying thing is that the zero-day, zero-click exploit, which abuses a vulnerability in iMessage, went unnoticed for about a year, and probably came from Saudi Arabia and the United Arab Emirates.

The news comes through a disturbing report from the Citizen Lab at the University of Toronto. The lengthy report delves deep into the background of NSO Group, which is known for selling surveillance technology to governments. You may remember the group from its link to a huge WhatsApp breach in 2019, which infected more than 1,400 phones with malware. (Facebook is currently suing NSO Group over that particular incident.) NSO Group is reportedly also being investigated by the FBI.

In this case, the phones were hacked using a program called KISMET, which used NSO Group’s Pegasus software, as well as an “invisible zero-click exploit in iMessage.” KISMET was a zero-day, zero-click exploit, which means Apple didn’t know it existed and the journalists didn’t have to click on anything (a bad link, for example) to have their phones infected. According to the report, the hack was effective against the iPhone 11 and iOS 13.5.1.

“Since at least 2016, spyware vendors appear to have successfully deployed zero-click exploits against iPhone targets on a global scale,” the Citizen Lab report says. “Several of these attempts were reportedly made through Apple’s iMessage app, which is installed by default on every iPhone, Mac and iPad.”

In total, Citizen Lab identified 36 Al Jazeera journalists who had their phones hacked by four NSO Group operators. The group said it concluded that at least two of the operators were acting on behalf of Saudi Arabia and the United Arab Emirates. While most journalists asked for anonymity, two allowed their names to be published in the report. Tamer Almisshal, an investigative reporter for Al Jazeera, hosts a show on politically controversial topics and initially contacted Citizen Lab when he began to suspect his phone had been compromised. Meanwhile, Rania Dridi is a London-based journalist at Al Araby, and she told the Guardian that she thinks she’s been targeted because she talks about sensitive topics on her show, including women’s rights, and is a “close personal assistant” with “an outspoken critic of the governments of Saudi Arabia and the UAE”. For context, neither Saudi Arabia nor the UAE is a huge fan of the Al Jazeera network. In 2017, both countries (along with Bahrain and Egypt) demanded that Qatar shut down the network in exchange for the lifting of sanctions against the country.

In statements to the Guardian and Business Insider, NSO Group claimed that its software helps governments “only deal with serious organized crime and counter-terrorism” and that it does not implement such programs. Meanwhile, Citizen Lab says it has reported its findings to Apple. For its part, Apple told both Engadget and Business Insider that while it could not verify the Citizen Lab report, this particular attack was “highly targeted by nation-states at individuals” and urged customers to stay tuned and download the latest iOS software.

Given that zero-day, zero-click exploits are difficult to detect and that almost all iPhones prior to iOS 14 were vulnerable to the hack, Citizen Lab notes that it’s possible that this is only a fraction of the total number of cases in which this exploit was used. Thankfully, Citizen Lab says the KISMET exploit doesn’t appear to work in iOS 14, due to stronger security features.

If you haven’t updated your iPhone to iOS 14 yet, you should get on it. The fact that the average consumer may not have aroused the ire of a foreign nation-state doesn’t mean that other bad actors won’t try to use the same exploit. In general, it is good security hygiene to keep your software up to date, even if it sometimes breaks your favorite apps, or if you just hate the widgets in iOS 14. Don’t be a dummy: update your phone.
