Zero-Click Vulnerability in Apple iMessage

The controversial spyware software from NSO Group is again in the news. This time, for being used against 37 journalists, mostly belonging to Al Jazeera. It’s said the spyware is a zero-click malware that doesn’t leave any trace on the compromised device and has exploited an iMessage vulnerability existing for over a year.

Journalists Spied Through a Spyware!

Zero-Click Vulnerability in Apple iMessageCitizen Lab has uncovered a campaign where dozens of journalists were spied on using the spyware kismet, an NSO Group product. The maker was accused of similar incidents earlier, where it supplied spyware to governments for spying on dissidents and journalists through WhatsApp.

And now, it’s reputedly being used by four operators, two originated from Saudi Arabia and two from UAE, to spy on at least 37 journalists. Out of the four operators found, two were said to have acted on their government’s behalf! The spyware deployed was able to access microphone audio, passwords, and remotely capturing photos.

While it’s unknown how it’s distributed, it’s named a zero-click vector as it didn’t leave any digital traces in the device while spying. One victim named Rania Dridi from Al Araby said she might have been targeted for having links to a Saudi Arabian critic and her discussions on women’s rights.

NSO Group said it was unfamiliar with the matter and will investigate the incident if “credible evidence of misuse” is observed. Also, it said that it doesn’t have any access to the target’s data and made its spyware strictly for use against criminals only.

On the other hand, Apple said it couldn’t verify the Citizen Lab’s claims but acknowledged the attack as “highly targeted” and recommended users to upgrade to the latest software version. Operators have reportedly exploited a vulnerability in iMessage, which is existing for over a year.

LEAVE A REPLY

Please enter your comment!
Please enter your name here