iPhones of 36 journalists hacked using spyware by the NSO Group: Report

In a startling revelation, researchers from Canada-based Citizen Lab have found that the Pegasus spyware, developed by Israel-based NSO Group, compromised the iPhones of at least 36 journalists.

In July and August this year, government operatives used the NSO Group’s Pegasus spyware to hack into the iPhones of 36 journalists, producers, TV anchors, and executives at Al Jazeera.

The report also says that the personal smartphone of a London-based journalist at Al Araby TV was compromised.

“The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage” in iPhones.

Who was compromised?

According to Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, the NSO Group seems to have deployed the KISMET spyware between October and December 2019.

The NSO Group is reportedly embroiled in a legal battle with Facebook, with the social media giant accusing the Israeli spyware maker of using Pegasus in its messaging app WhatsApp. Facebook claims that Pegasus infected approximately 1,400 people, mostly celebrities. Facebook also submitted detailed proof of the alleged hacking in court.

The new Citizen Lab report further stated that the 36 journalists were hacked by four Pegasus operators, “including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates”.

“We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system”.

The extent of the attack?

Considering the expansive userbase of the NSO Group and the vulnerability of almost all iPhone devices prior to the iOS 14 update, the researchers suspect that the infections they found were only a minuscule fraction.

The infrastructure used in these attacks included servers in Germany, France, the UK, and Italy, hosted with cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean. The researchers have shared the findings with Apple, and the company is looking into the issue.

NSO has not issued any official statement on the matter. Reports of Indian journalists being targeted by the NSO Group also surfaced back in 2019.

Counting the 36 cases revealed in the new report, there are now at least 50 publicly known cases of journalists and others in media targeted with NSO spyware, with attacks observed as recently as August 2020.

–with inputs from IANS.