Citizen Lab researchers have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states.
London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called “zero-click” attack that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.
The researchers of Citizen Lab say they believe the journalists’ iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group. Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone’s camera, access the victim’s passwords, and track the phone’s location.
Citizen Lab said the bulk of the hacks were likely carried out by at least four NSO customers, including the governments of Saudi Arabia and the United Arab Emirates, citing evidence it found in similar attacks involving Pegasus.