- Sophisticated spyware was used to hack the phones of 36 Al Jazeera journalists, Citizen Lab said in a new report.
- Citizen Lab said the hack, which it dubbed “Kismet,” could be traced back to software made by Israeli security company NSO Group.
- NSO Group denied any involvement.
- Citizen Lab said it believed the hack was ineffective against iPhones with the iOS 14 update, but that the scale of the hack prior to that update could be worryingly large.
Journalists at news organization Al Jazeera were targeted by an iPhone hack that sent iMessages loaded with malware, the University of Toronto’s Citizen Lab reports.
The hacking tool, dubbed “Kismet,” was a zero-click, zero-day hack, meaning Apple had no idea the exploit existed, and the malware didn’t need targets to click on anything for it to take effect.
Citizen Lab said the attack used the “Pegasus” software made by well-known Israeli security company NSO Group. Citizen Lab said it had identified four separate entities using Pegasus in the attack. It said it could, with “medium confidence,” link one of the four to Saudi Arabia, and another to the United Arab Emirates.
In a statement to Business Insider, NSO Group denied involvement, saying Citizen Lab’s report was based on “speculation.”
“NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them,” a spokesperson for NSO Group said.
“However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations,” they added.
This isn’t the first time NSO Group’s Pegasus software has been linked with hacking journalists’ phones. In June of this year, Amnesty International said Pegasus had been used by the Moroccan government to hack a Moroccan journalist’s phone. NSO Group did not confirm nor deny the claims, and promised to investigate.
In October last year, Facebook filed a lawsuit against the company claiming its software was used to perpetrate a large-scale hack of WhatsApp users,…