Dozens of Al Jazeera reporters' iPhones were hacked via NSO spyware

The software allows hacking with zero clicks from the user, thanks to an iMessage vulnerability. Both the company and Apple refuse to acknowledge their part.


Dozens of Al Jazeera journalists’ iPhones have been hacked by an unknown source, according to research from Citizen Lab and the University of Toronto. The attackers are as yet unknown, though researchers hypothesize that the attack was ordered by Saudi Arabia and the United Arab Emirates.

In order to carry out the attack, hackers used spyware from NSO Group, an Israel-based software company that has drawn scrutiny from cybersecurity experts and the FBI. And those experts worry that the attacks we know about are only a small fraction of all those being carried out with the assistance of NSO Group’s spyware known as Kismet.

Citizen Lab says the phones of at least 37 journalists, most of whom work for Al Jazeera, were compromised when Kismet worked its way through an iMessage vulnerability. That vulnerability, which would have been active and open for the better part of a year, has been sealed up with the release of iOS 14.

Denial on all fronts — As you might expect, NSO Group isn’t exactly ready to admit its software is being used for targeted attacks on the media. And Apple isn’t looking to confirm its own security loopholes.

NSO Group says it isn’t “familiar” with the allegations from Citizen Lab:

“As we have repeatedly stated we do not have access to any information with respect to the identities of individuals our system is used to conduct surveillance on. However, where we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations.”

Apple is also choosing to dance around the issue at hand. The tech giant’s response to the stream of hacks — which are carried out through its proprietary software — is that they were “highly targeted by nation states” against specific individuals. “We always urge customers to download the latest version of the software to protect themselves and their data,” Apple said in a statement.

No clicks needed — Perhaps the most horrifying aspect of this hack is that, according to Citizen Lab, it required no input from the user at all. When it comes to spyware, we often think of malicious links clicked on via spam email or website pop-up — but this is a “zero-click” hack.

Citizen Lab was alerted to the hack by Tamer Almisshal, a journalist who became suspicious that his phone had been compromised. Data logs showed that Almisshal’s phone did indeed connect to an NSO Group server. In total, 36 of the 37 compromised phones belonged to Al Jazeera journalists.

Once compromised, these iPhones could have provided hackers with any and all data kept on the phone.

This keeps happening — This is all sounding very familiar… oh wait, that’s because we’ve gone through this exact situation before, albeit with WhatsApp vulnerabilities rather than iMessage ones. WhatsApp sued NSO Group for allegedly sending malware to more than 1,400 of its users’ devices in a two-week period.

In that case as well, NSO Group denied any involvement. NSO president Shiri Dolev has publicly stated that NSO Group is “not a spy company” and has instead “prevented terrorist attacks” and “captured pedophiles.”

And thus NSO Group’s refusal to acknowledge unsavory uses of its software continues — though Apple’s part in the scandal should not be undersold. This vulnerability existed within iMessage for quite a long time, and Apple either didn’t know about it or took its sweet time patching it up.