Pegasus Spyware

Last year, Israel-based NSO Group (aka Q Cyber Technologies) was in the news for hacking into WhatsApp of several high profile persons via Pegasus spyware.

Investigation revealed that a handful of government agencies hired NSO Group to illegally track activists, journalists, and even the Amazon founder Jeff Bezos. As per reports in the media, more than 45 countries including Bangladesh, Brazil, Hong Kong, India, Pakistan, Saudi Arabia, United Arab Emirates are clients of NSO Group.

Citizen Lab, which unearthed Pegasus spyware has come up with another shocking report, but this time, it is related to the Apple Messages app of iPhone.

It revealed that an Israeli firm hacked into the Apple iPhones of 36 journalists, producers, anchors, and executives at Al Jazeera. Even another outstation journalist at London-based Al Araby TV was also tracked illegally using spyware.

NSO Group operatives used Kismet, a zero-click, zero-day exploit to hack into iPhones.

Zero-day exploit: It is a software vulnerability that is unknown to the company (in this case, Apple) that is responsible for mitigating the security loop-hole.

Zero- Click exploit: It is a sophisticated technique that can be used to drop malware/spyware into a device without the victim ever knowing it. Also, hackers need not even have to use parlour tricks to hoodwink users into clicking a malicious URL link or download an app.

“In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019,” Citizen Lab said in the report.