By Kaveesha Fernando
DOHA, Qatar (CWBN)_ Al Jazeera quoted cyber security watchdog Citizen Lab as stating that dozens of their journalists were targeted this year by advanced spyware sold by an Israeli surveillance company. The media company also reported the watchdog as saying that the attack can most likely be linked to the governments of Saudi Arabia and the United Arab Emirates. Alarmingly, the report indicates that millions of iOS device users could be vulnerable right now.
Citizen Lab is an interdisciplinary laboratory at the University of Toronto which focuses on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.
The phones were compromised by identifying a series of vulnerabilities within the system, known as an exploit chain. Citizen Lab states that this particular exploit chain, which they refer to as KISMET, appeared to involve an invisible vulnerability known as a “zero-click exploit”, which attacks the system without the user having done anything at all (such as click on a malicious link). This particular zero click exploit was present on iOS’s iMessage app. In July 2020, KISMET could hack Apple’s then-latest iPhone 11, according to Citizen Lab, who also say that the cyberattacks were carried out by NSO users (through KISMET or similar exploit chains) between October and December 2019.
“The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates. We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system,” the report stated.
“Given the global reach of NSO Group’s customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a miniscule fraction of the total attacks leveraging this exploit. Infrastructure used in these attacks included servers in Germany, France, UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean,” the report added.
