36 Al Jazeera journalists hacked via zero-click iPhone exploitation

It is alleged that 36 Al Jazeera journalists hacked their personal iPhones using spyware developed by the Israeli security firm NSO Group. The scary thing is zero day, zero-click exploitation, which misuses vulnerability in iMessage, Not diagnosed for about a yearIt may have originated in Saudi Arabia and the United Arab Emirates.

The message is coming one way Confusing statement From the Citizen Laboratory at the University of Toronto. The long report goes deep into the background of the NSO Group, which is known for selling surveillance technology to governments. You may remember from its group Link a Massive WhatsApp breach In 2019, it will be more affected 1,400 phones with malware. (Facebook is present Case against NSO group Over that particular incident.) The NSO group is also said to be present Investigated by the FBI.

In this case, the phones were hacked using a program called KISMET, which used the NSO group’s Pegasus software, as well as “invisible zero-click exploitation on iMessage”. Kismet is a zero day, zero-click exploitation, which is That means Apple didn’t know it existed And Journalists don’t have to click anything – a bad connection, for example, can affect their phones. According to the report, this hack was effective against iPhone 11 and iOS 13.5.1.

“Since at least 2016, spyware vendors worldwide seem to have successfully used zero click exploits against iPhone targets,” the Citizen Lab report says. “Many of these efforts have been reported to be through Apple’s iMessage app, which is installed by default on every iPhone, Mac and iPod.”

In total, Citizen Lab identified 36 Al Jazeera journalists whose phones had been hacked by four NSO team operators. The panel said it had decided that at least two operators would operate on behalf of Saudi Arabia and the United Arab Emirates. When most journalists requested anonymity, the two were allowed to publish their names in the statement. Tamar al-Mishal, an investigative journalist for Al Jazeera, hosts an event that deals with politically controversial topics, initially contacting Citizen Lab when he began to suspect his phone had been compromised. Rania, meanwhile, is a London-based journalist with Tridi Al Arabi Defender She believes she may have been targeted for talking about important topics in her show, including women’s rights “An outspoken critic of the governments of Saudi Arabia and the United Arab Emirates” is a “close personal ally”. In terms of context, neither Saudi Arabia nor the United Arab Emirates is a big fan of the Al Jazeera network. In 2017, both countries (With Bahrain and Egypt) Qatar demanded Close the network In return for lifting sanctions against the country.

In reports to the Guardian and Business Insider, The NSO Group said its software only helps governments “deal with serious organized crime and terrorism” and that it does not implement such programs. Meanwhile, Citizen Lab claims to have reported its findings to Apple. For its part, Apple told both Engadget Although Citizen Lab’s report could not be verified, it said the attack was “highly targeted by anti-individual national governments” and urged consumers to stay current and download the latest iOS software.

Zero day, zero-click exploits are hard to spot and almost all iPhones that appeared before iOS 14 were vulnerable to hack, Citizen Labs points out, using only a fraction of the total cases involved. Fortunately, Citizen Labs Due to the strong security features, Kismet Exploiter does not seem to work on iOS 14.

If you have not already updated your iPhone to iOS 14, you should get it. Just because the average consumer does not attract the wrath of a foreign nation-state does not mean that other bad actors are not interested in using the same exploitation. In general, keeping your software up to date is good security hygiene — even if it sometimes triggers your favorite programs, or you hate them. Widgets for iOS 14. Do not be dummy – uPdate your phone.