Journalists appear to have fallen prone to a particularly sophisticated digital espionage campaign. According to the Guardian, Citizen Lab has discovered that operators using NSO Group software, nicknamed Kismet, hacked the iPhones of 37 journalists (most from Al Jazeera) using an iMessage vulnerability that had been present for roughly a year. The zero-click attacks left no trace and would have allowed access to passwords, microphone audio and even snapping photos.
The exact motivations aren’t clear, but there were four operators that appear to have origins in Saudi Arabia and the United Arab Emirates and, in at least two cases, acted on the government’s behalf. One victim, Al Araby’s Rania Dridi, believed she might have been a target due to her discussions of women’s rights and her link to an outspoken critic of Saudi Arabia and the UAE. One target reportedly received spyware links like those used to snoop on UAE activist Ahmed Mansoor in 2016.
The exploit doesn’t appear to work in iOS 14.
The NSO Group said it wasn’t familiar with Citizen Lab’s claims and maintained that it doesn’t have access to targets’ data. It said that it investigates any instance where there’s “credible evidence of misuse” by customers, and that the software is only meant for pursuing criminals. Apple said it couldn’t independently verify Citizen Lab’s work, but said the attack was “highly targeted” and that it always urged people to install the latest version of iOS.
So long as the findings hold, they suggest that some countries are still abusing NSO Group tools to spy on critics and dissidents. They also raise questions about how a vulnerability like this could persist for so long without the public noticing. It’s not clear that anyone beyond NSO knew of the flaw or that any other phones were compromised, but the damage is done — there are now many journalists and activists wondering if their phones were (and are) safe.