Dozens of journalists' iPhones hacked with NSO 'zero-click' spyware, says Citizen Lab
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states.
Over the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives who worked for the Al Jazeera news agency were targeted with a so-called "zero-click" attack that exploited a now-fixed security flaw in Apple's iMessage. The attack invisibly compromised the devices without requiring victims to open a malicious link.
Citizen Lab, the Internet watchdog at the University of Toronto, was called to investigate earlier this year after one of the victims, investigative journalist Tamer Almisshal of Al Jazeera, suspected that his phone might have been hacked.
In a technical report released Sunday and shared with TechCrunch, researchers believe the journalists' iPhones were infected with the Pegasus spyware developed by the Israel-based NSO Group.
The researchers analyzed Almisshal's iPhone and found that between July and August it had connected to servers known to be used by NSO to deliver the Pegasus spyware. The device showed network activity suggesting that the spyware may have been silently delivered through iMessage.
Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos with the phone's camera, access the victim's passwords, and track the phone's location.
Citizen Lab analyzed the network logs of two hacked iPhones and found that the spyware could record calls and ambient audio, take photos with the camera, and track the location of the device without the victim knowing. (Image: Citizen Lab)
Citizen Lab said the bulk of the hacks were likely carried out by at least four NSO customers, including the governments of Saudi Arabia and the United Arab Emirates, citing evidence found in similar attacks involving Pegasus.
The researchers found evidence that two other NSO customers had hacked into one or three Al Jazeera phones, but the attacks could not be attributed to a specific government.
A spokesman for Al Jazeera, which had just broadcast its coverage of the hacks, did not immediately comment.
NSO sells access to its Pegasus spyware to governments and nation states as a pre-packaged service by providing the infrastructure and exploits necessary to launch the spyware against the client's targets. However, the spyware manufacturer has repeatedly distanced itself from what its customers do, stating that it does not know who its customers are targeting. Some of NSO's well-known customers are authoritarian regimes. Saudi Arabia reportedly used the surveillance technology to spy on columnist Jamal Khashoggi's communications shortly before his murder. US intelligence likely concluded that the de facto ruler of the kingdom, Crown Prince Mohammed bin Salman, had ordered this.
Citizen Lab said it had also found evidence that Dridi, a journalist for the Arab television network Al Araby in London, was the victim of a zero-click attack. The researchers said Dridi was likely targeted by the UAE government.
In a phone call, Dridi told TechCrunch that her phone may have been targeted because of her close association with a person of interest to the UAE.
Dridi's cell phone, an iPhone XS Max, was targeted for an extended period, likely between October 2019 and July 2020. The researchers found evidence that she was targeted twice with a zero-day attack (the term for an exploit that has not previously been disclosed and for which a patch is not yet available), since her phone was running the latest version of iOS both times.
"My life is no longer normal. I don't have the feeling that I have a private life again," said Dridi. "Being a journalist is not a crime," she said.
According to Citizen Lab, the latest results show an "accelerating trend towards espionage" against journalists and news organizations, and the increasing use of zero-click exploits is making such attacks increasingly difficult, although evidently not impossible, to detect, because of the more sophisticated techniques used to infect victims' devices while covering their tracks.
When reached on Saturday, NSO said it couldn't comment on the allegations as it hadn't seen the report, but declined to say whether Saudi Arabia or the UAE were customers or what processes, if any, it puts in place to prevent customers from targeting journalists.
"This is the first time we have heard of these allegations. As we have repeatedly stated, we do not have access to information about the identity of anyone who has allegedly been using our system for surveillance. However, if we receive credible evidence of any misuse, along with the basic identifiers of the alleged targets and timeframes, we take all necessary steps under our product abuse investigation process to investigate the allegations," said a spokesman.
“We cannot comment on a report that we have not yet seen. We know that CitizenLab regularly publishes reports that are based on inaccurate assumptions and do not fully understand the facts. This report will likely follow the theme of NSO providing products that state law enforcement can only use against serious organized crime and counterterrorism, but as stated in the past we do not operate them. Even so, we are committed to ensuring that our guidelines are followed, and all signs of non-compliance are taken seriously and investigated.”
Citizen Lab said it stood by its findings.
Government spokesmen for Saudi Arabia and the United Arab Emirates in New York did not respond to an email asking for comment.
The attacks put renewed focus not only on the shadowy world of surveillance spyware, but also on the companies that have to defend against it. Apple rests much of its public image on promoting the privacy of its users and developing secure devices, like iPhones, that are protected against most attacks. But no technology is impervious to security vulnerabilities. In 2016, Reuters reported that UAE-based cybersecurity firm DarkMatter had purchased a zero-click exploit for iMessage that they dubbed "Karma." The exploit worked even when the user was not actively using the messaging app.
Apple told TechCrunch that it had not independently verified Citizen Lab's findings, but that the vulnerabilities used to target the reporters were fixed in iOS 14, which was released in September.
“At Apple, our teams work tirelessly to improve the security of our users' data and devices. iOS 14 is a big leap in security and offers new protection against such attacks. The attack described in the study was directed to a large extent against certain individuals by nation states. We always ask our customers to download the latest version of the software to protect themselves and their data,” said an Apple spokesman.
NSO is currently in a legal battle with Facebook, which last year accused the Israeli spyware maker of using a similar, previously undisclosed zero-click exploit in WhatsApp to infect around 1,400 devices with the Pegasus spyware.
Facebook discovered and repaired the vulnerability and stopped the attack, but said more than 100 human rights defenders, journalists and "other members of civil society" were victims.