iPhones of around 36 Journalists at Al Jazeera news
organisation have been hacked by nation-sponsored hackers who sent
malware laden iMessages. The attackers who are suspected to be
backed by the governments of the United Arab Emirates and Saudi
Arabia, exploited a zero-day vulnerability in iMessage which was
later fixed by Apple.
In a technical report, experts have stated that the Journalists'
iPhones were snooped on by attackers who employed NSO's Pegasus
software to deploy spyware onto the iPhones of 36 journalists,
executives and producers at the news agency, Al Jazeera.
Pegasus is a modular malware developed by the Israeli firm NSO which is used for surveillance purposes and has also been linked to surveillance abuse at multiple occasions. The spyware allows hosts to remotely monitor and exploit devices. Reportedly, the attack took place invisibly and it didn't require the attackers to trick the victims into clicking on a malicious link – as opposed to conventional ways of deploying malware.
While examining one of the victim's device, researchers
discovered that spyware was deployed secretly through iMessage and
was able to take images using iPhone's camera, access passwords,
and victim's location. Besides, it's likely that the spyware was
also recording phone calls and microphone.
As per the researchers at Citizen Lab, a total of four operators
belonging to Pegasus were observed to have assisted the hack. Two
of the operators namely SNEAKY KESTREL and MONARCHY are suspected
to be having links with the governments of Middle Eastern
countries; to the UAE and Saudi Arabia, respectively.
According to the reports by Citizen Lab, "In July and August
2020, government operatives used NSO Group’s Pegasus spyware to
hack 36 personal phones belonging to journalists, producers,
anchors, and executives at Al Jazeera. The personal phone of a
journalist at London-based Al Araby TV was also
hacked."
"The phones were compromised using an exploit chain that we call
KISMET, which appears to involve an invisible zero-click exploit in
iMessage. In July 2020, KISMET was a zero-day against at least iOS
13.5.1 and could hack Apple’s then-latest iPhone 11."
"We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system," the report further read.
Read more https://www.ehackingnews.com/2020/12/iphones-of-al-jazeera-journalists-being.html
