Think Your iPhone is UnHackable? Think Again. Al Jazeera Journalists' iPhones Were Silently Hacked Using Pegasus Spyware
Table of Contents
- By Dawna M. Roberts
- Published: Dec 22, 2020
- Last Updated: Mar 18, 2022
iPhone users generally believe that their phones are un-hackable. In many cases, they would be correct. However, although the iOS system is far superior in terms of keeping the bad guys out, it is not infallible. A group of Al Jazeera journalists was hacked using the NSO Zero Click spyware.
What Happened?
First noted by Citizen Lab at the University of Toronto and then later reported by Tech Crunch and BBC News, a group of 36 journalists working for Al Jazeera news were the victims of an attack on their iPhones, allegedly exploiting an (already fixed) bug in iMessage.
Cybersecurity researchers have traced the attack to an Israeli firm called NSO Group, but they deny the allegations and say there is no proof. However, BBC News reported that "Citizen Lab researchers say they concluded with "medium confidence" that two attackers who had spied on the phones of Al Jazeera journalists were doing so on behalf of the Saudi Arabian and UAE governments."
The researchers further explained that the attack used a zero-day exploit, which Apple was unaware of but that existed in iOS 13.5.1 and affected many Apple iPhones running iOS 11.
An investigative filmmaker with Al Jazeera, Mr. Almisshal, contacted Citizen Lab and expressed concern that his iPhone was hacked and he was being spied on. Citizen Lab took possession of the device to see what was going on with it.
They soon commented on their findings "We noticed that on 19 July 2020, his phone visited a website that we had detected in our internet scanning as an Installation Server for NSO Group's Pegasus spyware, which is used in the process of infecting a target with Pegasus."
Thankfully the exploit has been fixed and does not work on iOS 14 (the latest version of the iPhone operating system). Apple confirms that the bug was fixed and that iOS 14 is much more secure. BBC quoted a spokesperson from Apple who said, "The attack described in the research was highly targeted by nation-states against specific individuals." We always urge customers to download the latest version of the software to protect themselves and their data."
Another London-based journalist Dridi had the same spyware on her phone but was targeted by the UAE government. Her cellphone was infected and targeted for a longer period of time (best guesses say October 2019 until July 2020). She was quoted as saying, "My life is not normal anymore. I don't feel like I have a private life again. To be a journalist is not a crime.
How Did it Happen?
Unlike a lot of malware and spyware infections, the users themselves never had to click a link or download anything. The attack on the journalists was silent, probably executed through a malicious empty iMessage.
The report issued by Citizen Lab described the Pegasus spyware and its origins:
"NSO Group's Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses.
Pegasus became known for the telltale malicious links sent to targets via SMS for many years. This method was used by NSO Group customers to target Ahmed Mansoor dozens of members of civil society in Mexico, and political dissidents targeted by Saudi Arabia, among others. The use of malicious links in SMSes made it possible for investigators and targets to quickly identify evidence of past targeting. Targets could not only "notice" these suspicious messages, but they could also "search" their message history to detect evidence of hacking attempts.
The research on Mr. Almisshal's phone showed that during the summer (July and August), his phone connected to servers that linked back to NGO Group. They also found that his microphone had been accessed and were used to record phone conversations. The spyware also accessed passwords and used the camera to take photos while tracking the phone's locations as well.
How Can iPhone Users Protect Themselves?
Apple is a staunch believer in security and privacy. The most critical suggestion to users is that they update their operating system immediately to iOS 14 and keep it updated as new releases come out.
- Additionally, configure the phone's security settings for the highest level.
- Keep robust anti-malware software on the phone and run it often.
- Regularly go through the phone looking for any suspicious activity or apps you don't recognize.
- Never click a link or download attachments in an email. That is one of the most common ways phones get infected with malware or spyware.
