Pegasus spyware-maker NSO Group hacked iPhones of Al Jazeera journalists

Last year, Israel-based NSO Group (aka Q Cyber Technologies) was in the news for hacking into WhatsApp of several high profile persons via Pegasus spyware.

Investigation revealed that a handful of government agencies hired NSO Group to illegally track activists, journalists, and even the Amazon founder Jeff Bezos. As per reports in the media, more than 45 countries including Bangladesh, Brazil, Hong Kong, India (but the government denies having links), Pakistan, Saudi Arabia, United Arab Emirates are clients of NSO Group.

Facebook-owned WhatsApp acknowledged that hackers made use of security loopholes in the messenger app and spied on people. It also formally filed a lawsuit against NSO Group.
Citizen Lab, which unearthed Pegasus spyware has come up with another shocking report, but this time, it is related to the Apple Messages app of iPhone.

It revealed that an Israeli firm hacked into the Apple iPhones of 36 journalists, producers, anchors, and executives at Al Jazeera. Even another outstation journalist at London-based Al Araby TV was also tracked illegally using spyware.

NSO Group operatives used Kismet, a zero-click, zero-day exploit to hack into iPhones.

Zero-day exploit: It is a software vulnerability that is unknown to the company (in this case, Apple) that is responsible for mitigating the security loop-hole.

Zero- Click exploit: It is a sophisticated technique that can be used to drop malware/spyware into a device without the victim ever knowing it. Also, hackers need not even have to use parlour tricks to hoodwink users into clicking a malicious URL link or download an app.

"In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019," Citizen Lab said in the report.

It added NSO Group used four operatives and two are known by monikers-- MONARCHY (from Saudi Arabia) and SNEAKY KESTREL (from the United Arab Emirates). They used server infrastructures in Germany, France, UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean.

Here's how the NSO Group's spyware was discovered
Tamer Almisshal is a well-known investigative journalist for his works in the Middle East, including UAE, Saudi, and Bahraini Government involvement in an attempted 1996 coup in Qatar.

Almisshal, earlier this year in January, felt strange about his iPhone as it used to crash at random times. He got a bit paranoid and thought his mobile may have been hacked. He later took the help of Citizen Lab to get his doubts cleared. He was told to install a VPN application for Citizen Lab researchers to monitor metadata associated with his Internet traffic.

Almisshal also revealed that he had no recollection of receiving a URL link on the messages app or downloading any application.

His phone was under observation for several months and later in July, the iPhone established a link to a website which is hosted by NSO Group-owned installation server, the one used to drop Pegasus spyware.

The iPhone later communicated to three other previously unknown IP address and in 16 hours, the internet traffic data showed, 270.16MB of data upload and 15.15MB data of download

Later, Citizen Lab was able to unearth digital evidence of the illegal surveillance operation not just on Almisshal, but also 35 other journalists and workers related to Al Jazeera.
Citizen Lab has forwarded their findings to Apple Inc. and the latter is conducting its own investigation.

DH has reached out to Apple with regard to the Citizen Lab report and is yet to reply.

There is no information if the iPhones running iOS 13.5.1 or older are the only ones vulnerable to Kismet exploit or not.

However, all Apple iPhone owners are advised to install the latest iOS 14.3 to make sure, their mobiles can be safeguarded from spyware.

Readers can find the Citizen Lab's full detailed report (here).

Must read | Pegasus spyware: All you need to know

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.