At least 36 media professionals, including journalists, producers and executives from the Al Jazeera television station, were attacked on the iMessage app. It is a possible spyware campaign. The personal phone of a journalist from Al Araby TV in London was also hacked in October 2019.
Information about attacks on journalists with 'outdated' IOS was released in Citizen Lab report, an Internet surveillance lab at the University of Toronto (Canada). The Lab says that “nearly all iPhone devices that have not been updated to the latest version appear to be vulnerable.” iOS 14”. We recently announced here that iOS 14 beta users received fake update warning.
Citizen Lab reported that the attack on journalists’ iOS devices was led by a group of four hackers using Pegasus spyware sold by the Israeli company NSO Group. The group is accused of acting on behalf of the government of the United Arab Emirates and Saudi Arabia by spying on journalists covering news about the Middle East. The crisis has been going on since 2017, when Saudi Arabia, the United Arab Emirates, Bahrain and Egypt accused Qatar of fueling the Middle East crisis encouraged by media outlets and political groups.
Sophisticated attacks
Citizen Lab reported that the attacks appear to have used a zero-day exploit based on a vulnerability in iMessage itself to take control of an iPhone. In other words, the victims did not take any action that would have facilitated the attack on the device. Meanwhile, the hackers, using a tool that researchers have dubbed 'Kismet', sent a message to the victims that they did not even need to click. It is a type of Trojan horse used to bypass the security of an iPhone. Thus, the hackers operated without leaving any traces immediately after infecting the device.
Citizen Lab, which has already notified the Apple about the attacks, identified a journalist from Al Jazeera as one of the victims. He authorized the lab's researchers to install a VPN on his device because he suspected it might have been hacked. Using the software, they found that the device had 'visited' a suspected NSO Group spyware installation server. Within seconds, the iPhone downloaded more than 200MB of data to three IP addresses for the first time.
The report also concluded that the spyware stopped working recently when the Apple released iOS 14, with improved security features. Even so, it may have revealed important content because it allowed location tracking, accessing passwords, taking photos and recording audio from a phone (including ambient noise and audio from phone calls). The Trojan ran on the latest devices from Apple (but the bug was fixed in the iPhones 11 running iOS 13.5.1).
Again
This is not the first time allegations have emerged that NSO Group spyware has been used to target journalists. The Guardian recently reported that the software was allegedly used to target journalists in Morocco and politicians in Rwanda.
In previously published articles, the broadcaster Al Jazeera reported that the NSO Group has been linked to governments that use technology to spy on journalists, politicians and activists, among other targets.
In a statement posted on its website, a spokesperson for the Israeli group accused Citizen Lab of basing its report on “speculation” without “any” evidence that “supports a relationship with NSO.” It also said that its products are for fighting “organized crime and counterterrorism” and that any evidence of serious violations of its policies will be investigated.
A Apple Apple also said in a statement, through a spokesperson. “Our teams work tirelessly to strengthen the security of our users’ data and devices. iOS 14 is a major leap forward in security and offers new protections against these types of attacks. We always encourage customers to download the latest version of the software to protect themselves and their data.”
Through which channels you reach those people, classic and out of the box. The Verge.