The controversial spyware from NSO Group is in the news again, this time for being used against 37 journalists, most of them from Al Jazeera. The spyware is said to be zero-click malware that doesn't leave any trace on the compromised device, and it exploited an iMessage vulnerability that has existed for over a year.
Journalists Spied On Through Spyware!
Citizen Lab has uncovered a campaign in which dozens of journalists were spied on using the spyware Kismet, an NSO Group product. The maker was accused of similar incidents earlier, where it supplied spyware to governments for spying on dissidents and journalists through WhatsApp.
NEW REPORT "The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage "Zero-Click Exploit" by @citizenlab @billmarczak @jsrailton @nouraaljizawi @sienaanstis @RonDeibert: https://t.co/Z8FVRaePHB
— Citizen Lab (@citizenlab) December 20, 2020
And now, it's reportedly being used by four operators, two originating from Saudi Arabia and two from the UAE, to spy on at least 37 journalists. Out of the four operators found, two were said to have acted on their government's behalf! The spyware deployed was able to access microphone audio and passwords, and to capture photos remotely.
While it's unknown how it's distributed, it's described as a zero-click vector because it didn't leave any digital traces on the device while spying. One victim, Rania Dridi from Al Araby, said she might have been targeted for having links to a Saudi Arabian critic and for her discussions on women's rights.
NSO Group said it was unfamiliar with the matter and will investigate the incident if "credible evidence of misuse" is observed. It also said that it doesn't have any access to the target's data and that it made its spyware strictly for use against criminals.
On the other hand, Apple said it couldn't verify Citizen Lab's claims but acknowledged the attack as "highly targeted" and recommended that users upgrade to the latest software version. Operators have reportedly exploited a vulnerability in iMessage that has existed for over a year.