The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
by martyb from SoylentNews on (#5BYD9)
rigrig made a submission which was the genesis for this story.
The Citizen Lab found that the iPhones of dozens of journalists were hacked using an invisible zero-day zero-click exploit in iMessage.
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit:
Summary & Key Findings
- In July and August 2020, government operatives used NSO Group's Pegasus spyware to hack 36 phones belonging to journalists and employees at Al Jazeera. The phone of a journalist at London-based Al Araby TV was also hacked.
- The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
- Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
- The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
- We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system.
- Given the global reach of NSO Group's customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a miniscule fraction of the total attacks leveraging this exploit.
There are other findings which are then followed by an in-depth analysis of a few infections. The story concludes with an admonition to "Update your iOS Device Immediately":
Read more of this story at SoylentNews.