36 Al Jazeera journalists hacked the iPhone without exploiting zero click

Illustration for article entitled Dozens of Al Jazeera journalists were shattered by exploiting the iPhone without a click

Photo: Alex Cranz / Gizmodo

It appears that 36 Al Jazeera journalists had hacked their personal iPhones using spyware created by NSO Group, an Israeli security firm. The terrifying thing is the exploitation of zero-day, zero-click, which abuses a vulnerability in iMessage, remained undetected for about a year –and probably from Saudi Arabia and the United Arab Emirates.

The news comes through a disturbing report from the Citizen Lab at the University of Toronto. The long report delves into the background of the NSO group, known for selling surveillance technologies to governments. You may remember his group link to A massive violation of WhatsApp in 2019, which infected more than 1,400 phones with malware. (Facebook is currently suing NSO Group over that incident.) NSO Group is also reported FBI investigation.

In this case, the phones were broken using a program called KISMET, which uses NSO Group’s Pegasus software, as well as an “invisible zero-click exploit in iMessage.” KISMET was a zero-day, zero-click operation that it means that Apple was not aware that it existed and journalists did not have to click on anything – a bad link, for example – to infect their phones. According to the report, the hack was effective against iPhone 11 as well as iOS 13.5.1.

“As of at least 2016, spyware providers appear to have successfully deployed zero-click operations against iPhone targets globally,” the Citizen Lab report states. “Several of these attempts have been reported through the Apple iMessage app, which is installed by default on every iPhone, Mac and iPad.”

In total, Citizen Lab identified 36 Al Jazeera journalists whose phones were broken by four NSO operators. The group said it concluded that at least two of the operators were acting on behalf of Saudi Arabia and the United Arab Emirates. While most journalists requested anonymity, two allowed their names to be published in the report. Tamer Almisshal, an investigative journalist for Al Jazeera, hosts a show that deals with politico-political issues and initially contacted Citizen Lab when he began to suspect that his phone had been compromised. Meanwhile, Rania Dridi is a London-based journalist with Al Araby, and she said the Guardian that she thinks she could have been targeted because she talks about sensitive topics in her show, including women’s rights, and he is a “close personal associate” with “a sincere critic of the Saudi and UAE governments”. For context, neither Saudi Arabia nor the UAE is a big fan of the Al Jazeera network. In 2017, both countries (together with Bahrain and Egypt) asked Qatar close the network in exchange for lifting sanctions against the country.

In the statements provided to the Tutor and Business Insider, NSO Group argued that its software helps governments “only address serious organized crime and counterterrorism” and does not operate such programs. Meanwhile, Citizen Lab says it has reported its findings to Apple. In turn, Apple told the two Engadget and Business Insider that, while unable to verify the Citizen Lab report, this particular attack was “highly targeted by national states against individuals” and urged customers to stay up to date and download the latest iOS software.

Given that zero-day, zero-click exploits are hard to detect and that it appears that all previous iOS 14 iPhones were vulnerable to hacking, Citizen Labs notes that this may be just a fraction of all cases. which involves this. exploit. Fortunately, Citizen Labs says that it does not seem that the KISMET operation works in iOS 14, due to the stronger security features.

If you haven’t already updated your iPhone to iOS 14, you should get into it. Just because the average consumer may not have attracted the wrath of a foreign nation-state does not mean that other bad actors are not willing to use the same exploit. In general, it’s a good security hygiene to keep your software up to date – even if it sometimes makes your favorite programs difficult or if you just hate it. IOS 14 widgets. Don’t be a mannequinupdate your phone.