iMessage Zero-Click Exploit Used for Hacking Journalists’ iPhones

BY Rajesh Pandey

Published 21 Dec 2020

A new report details that in July and August 2020, NSO Group’s Pegasus spyware was used to hack the phones of 36 journalists, producers, and anchors at Al Jazeera. The iPhones were hacked using a zero-click iMessage exploit and an exploit chain dubbed KISMET. It even worked on the iPhone 11 running iOS 13.5.1 — the very latest release of iOS 13 at that time.

For the uninitiated, Pegasus from NSO Group is spyware that is used for remote smartphone surveillance. The company sells its services to various government and law enforcement agencies worldwide. The Citizen Lab report highlights that there has been a rise in successful zero-click exploits against iPhones since 2016, with many of the hackers targeting iMessage since it comes pre-installed on all Apple products. It also reveals that the iPhone Xs Max of Rania Dridi, a journalist for Al Araby TV, was hacked over six times between October 2019 and July 2020 using the Pegasus spyware. In at least two such instances, the exploits used were zero-day as the iPhone was running the latest version of iOS available at that time.

In other instances, a newer version of iOS was available so it is unclear if the exploit used were zero-day or not. Two attacks carried out on the journalist’s phone in July were done using the KISMET zero-click exploit. What’s even worse is that the Pegasus implant in the infected iPhone units had the ability to record ambient audio, record audio of encrypted phone calls, take pictures using the camera, track the device location, and access passwords and other credentials stored on the phone. From the logs inspected by Citizen Lab, it looks like the Pegasus implant might not survive iOS updates which also explains why the same device was repeatedly hacked despite the implant already being placed the first time around.

On the bright side, there’s no evidence of any of the zero-click exploits including KISMET working on iOS 14. While it is likely that the NSO Group will come up with some other exploits to use on iPhones running iOS 14, for now, if you value your security and privacy, you should immediately update your iPhone to iOS 14.

[Via CitizenLab]