An alleged state-sponsored attack results in dozens of iPhones hacked by exploiting a vulnerability within iMessage.
Hackers exploited an iMessage flaw, which resulted in the hacking of dozens of iPhones owned by journalists in what digital security experts suspect as perpetrated by state-sponsored hackers. Experts say that the iMessage vulnerability has existed for approximately more than a year now, though it remained unpatched up to this time. The hacking attack involved a technique called zero-click one, called as such because it does not require victims to take any action. Digital security experts revealed that hackers enabled the exploit by sending a text message and when the victim opens it, the exploit activates.
iMessage flaw saw journalist’s iPhones hacked in state-sponsored attack https://t.co/v33RlrLFaT pic.twitter.com/gfPRTu5DYo — iPhone News (@_l_l_ll) December 21, 2020
According to news reports, all of the victims were journalists belonging to the news network Al Jazeera. Digital experts believe that the alleged state-sponsored attack, which used an iMessage vulnerability to breach the digital security of the journalists' iPhones, was carried out on behalf of the United Arab Emirates and Saudi Arabia governments. The experts added that there are indications the hackers used spyware developed by an Israeli company.
In a report filed by The Guardian, it revealed that state-sponsored hackers allegedly bought spyware from an Israeli private intelligence firm. Unconfirmed reports reveal that the United Arab Emirates and Saudi Arabia allegedly ordered the unprecedented cyber-attack on the iPhones of the journalists using the smartphone's iMessage vulnerability, hence making the attack state-sponsored. A separate and new report appears to corroborate the source's information. In a shocking new report, Citizen Lab researchers based at the University of Toronto in Canada said they found what appears like a major espionage campaign against the Qatar-based Al Jazeera, regarded as one of the leading media organizations in the world. Observers say that many of the autocratic regimes in the region consider the news organization a thorn on their side.
When sought for comment regarding the alleged state-sponsored hacking attacks against Al Jazeera journalists, which saw hackers using an iMessage vulnerability to perpetrate the deed, NSO Group, which is the maker of the spyware, said its software is only meant for use by government clients to run after criminals and terrorists. The software in question, NSO Group's Pegasus spyware, can infiltrate digital walls, particularly if they contain vulnerabilities, such as those found on the iMessage.
Digital experts say alleged state-sponsored hackers used an exploit chain called KISMET, which seems to involve a hidden zero-click exploit. The exploit took advantage of vulnerability in Apple's iMessage. Experts reveal, however, that KISMET may not work against Apple's iOS 14 and its iterations, which reportedly includes new security protections. Industry observers say those who own iOS smartphones must immediately update their devices to the latest iOS version to protect themselves against such hacking attacks.
