A new report issued by the Citizen Lab Group at the University of Toronto revealed that an unknown exploit in the iMessage application was used to penetrate dozens of journalists’ iPhones, and this hack occurred in July and August 2020, where government agents used the Pegasus spyware to penetrate 36 phones. In person for Al Jazeera journalists, producers, reporters, and executives. The phone of a journalist at Al-Arabi, which is based in London, was hacked.
Pegasus – developed by the NSO Group – is a phone surveillance and espionage solution that enables clients to exploit and monitor vulnerabilities in devices remotely. NSO Group is a producer and supplier of surveillance technologies to governments around the world, whose products are linked to surveillance violations and espionage.
How was iPhone phones hacked through this vulnerability?
Journalists’ phones were hacked using a series of vulnerabilities dubbed KISMET that appeared to involve an unknown Zero-click exploit in the iMessage app. KISMET was targeting the latest version of iOS 13 – version number iOS 13.5.1 – and it could be exploited to hack the newer iPhone 11 from Apple at the time.
Records of hacked iPhones collected by researchers at Citizen Lab indicate that a number of NSO Group customers also used the same vulnerability from October to December of 2019, indicating that this has not been discovered or fixed for a long period of time.
This is evidence that NSO Group no longer relies on the malicious links approach in SMS messages to penetrate targets phones, as it has recently switched towards other vulnerabilities; Like: zero-click, network-based vulnerabilities that allow phones to be hacked without any interaction from the target, and without leaving any visible traces.
The WhatsApp hack in 2019 – at least 1,400 phones were targeted by a vulnerability that was exploited via voice call – is one example of this shift.
This is what happened with the hacked iPhones, as once the spyware was implanted in the target’s phone, the target iPhone would begin to download large amounts of data, sometimes amounting to hundreds of megabytes, without the user’s knowledge.
The uploaded data is believed to include ambient audio recorded by the phone’s microphone, the content of encrypted phone calls, images captured with the phone’s camera, the phone’s geographic location, as well as any passwords stored in the phone.
What is Apple’s response?
There is still no evidence that KISMET vulnerabilities can be exploited in iOS 14 or its recent versions, as this version focuses on improving security features and protecting privacy significantly, so all iPhone owners must update immediately to the latest available version of the system. IOS 14.
Apple said: “It cannot independently verify the work of the Citizen Lab, and it is constantly working to enhance the security of user and device data. It also urged its customers to install the latest version of their device operating systems to protect themselves and their data.”