According to the latest news, as many as 36 personal phones belonging to Al Jazeera journalists, producers, anchors, and executives were hacked in a spyware campaign between July and August of this year. This is alleged in a new report from Citizen Lab.
According to the report, the attacks used Pegasus technology provided by the Israeli firm NSO Group. As of now, it seems that the attacks were conducted by four operators. Citizen Lab reported that it has “medium confidence” that one of the operators is working on behalf of the UAE government and another for the Saudi government.
These attacks are worrying not only because they appear to show politically motivated targeting of journalists but also because they are using increasingly advanced methods that are harder to detect.
Citizen Lab’s report suggests that the attacks used a zero-click exploit to compromise iPhones via iMessage. In simple terms, this means the attacks happened without the victims needing to do anything. In July 2020, the exploit chain was a zero-day.
Citizen Lab’s report further claims that more or less all iPhone devices that were not updated to iOS 14 appear to be vulnerable. Citizen Lab has already disclosed its findings to Apple.
Citizen Lab’s report also suggests that the spyware can record audio from a phone (including ambient noise and audio from phone calls), take photos, track location, and access passwords. Citizen Lab discovered one of the hacks after Al Jazeera journalist Tamer Almisshal allowed the company to install a VPN on his device because he was worried that his device might have been compromised.
Citizen Lab found that his phone visited a suspected installation server for NSO Group’s spyware and, within a few seconds, the device uploaded over 200 MB of data to three IP addresses for the very first time.
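The traffic pattern described above (contact with a suspected installation server, followed within seconds by more than 200 MB uploaded to never-before-seen IP addresses) can be written as a check over flow records. This is an added example, not Citizen Lab's tooling; the record layout, the 30-second window, and all addresses (constructed, taken from documentation ranges) are assumptions.

```python
from collections import namedtuple

# Hypothetical flow record: ts = seconds, dst = destination IP, bytes_up = bytes uploaded.
Flow = namedtuple("Flow", "ts dst bytes_up")

def find_exfil_bursts(flows, suspect_hosts, window_s=30, min_bytes=200 * 10**6):
    """Report each contact with a suspect host that is followed, within window_s
    seconds, by at least min_bytes uploaded to destinations never seen before it."""
    flows = sorted(flows, key=lambda f: f.ts)
    first_seen = {}
    for f in flows:
        first_seen.setdefault(f.dst, f.ts)  # earliest time each destination appears
    findings = []
    for contact in flows:
        if contact.dst not in suspect_hosts:
            continue
        uploads = {}
        for f in flows:
            in_window = contact.ts <= f.ts <= contact.ts + window_s
            is_new = first_seen[f.dst] >= contact.ts and f.dst not in suspect_hosts
            if in_window and is_new:
                uploads[f.dst] = uploads.get(f.dst, 0) + f.bytes_up
        total = sum(uploads.values())
        if total >= min_bytes:
            findings.append({"contact_ts": contact.ts, "suspect": contact.dst,
                             "new_destinations": uploads, "total_bytes": total})
    return findings

# Constructed sample data; every address is a placeholder.
SUSPECT_HOSTS = {"203.0.113.10"}
SAMPLE_FLOWS = [
    Flow(1000, "198.51.100.5", 40_000),      # routine destination, seen earlier
    Flow(1200, "198.51.100.5", 55_000),
    Flow(5000, "203.0.113.10", 3_000),       # contact with the suspect host
    Flow(5004, "192.0.2.21", 90_000_000),    # three first-seen destinations
    Flow(5006, "192.0.2.22", 80_000_000),
    Flow(5009, "192.0.2.23", 45_000_000),
    Flow(5010, "198.51.100.5", 60_000),      # known destination, not counted
    Flow(9000, "192.0.2.99", 300_000_000),   # large upload, but no nearby contact
]

if __name__ == "__main__":
    for hit in find_exfil_bursts(SAMPLE_FLOWS, SUSPECT_HOSTS):
        print(hit)
```

A large upload on its own (the flow at `ts=9000`) is not reported; the check fires only when the volume and the first-seen destinations follow a contact with a listed host.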
An NSO Group spokesperson told The Verge that Citizen Lab’s report “lacks any evidence supporting a connection to NSO.” He said, “NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them. However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations.”