Saudi activist’s phone leads to discovery of Apple iMessage hack

Spyware researchers have captured what they say is a new exploit from NSO Group’s Pegasus surveillance tool targeting iPhones and other Apple devices through iMessage, in yet another sign that chat apps have become a popular way to hack into the devices of political dissidents and human rights activists.

Apple is issuing a patch on Monday to close the exploit discovered by researchers at Citizen Lab who, they said, found the hack in the iPhone records of a Saudi political activist and alerted the company to the problem.

A wall on a branch of the Israeli NSO Group company, near the southern Israeli town of Sapir. Credit: AP

This is the first time since 2019 that researchers have discovered the malicious code used in a Pegasus hack, and the find offers new insights into the techniques of the company, highlighted in July by The Pegasus Project, a multi-part global investigation by The Washington Post and 16 other news organisations.

The researchers declined to name the Saudi activist who was targeted, at the person’s request. They also did not reveal which NSO governmental client they believe deployed Pegasus against this person. They did say that the hacking technique used, which they called FORCEDENTRY, has been active since February and can invade Apple iPhones, MacBooks and Apple Watches secretly in what’s called a “zero-click attack” – something of a specialty for NSO, which is based in Israel.

“We wouldn’t have discovered this exploit if NSO’s tool wasn’t used against somebody they shouldn’t be targeting,” said John Scott-Railton, a researcher for Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs and Public Policy.

He added, “Chat programs are quickly becoming a soft underbelly of device security.”


Apple did not immediately respond to a request for comment.

NSO Group says it licenses its Pegasus spyware tool to government agencies and police forces around the world to investigate major crimes. But the Pegasus Project investigation and earlier reports by Citizen Lab found that the tool had also been used to target political dissidents, business leaders, journalists and human rights activists.

As part of the Pegasus Project, forensic analyses revealed that 67 phones had shown signs of a successful Pegasus infection or intrusion attempt. Amnesty International’s Security Lab, a technical partner of the investigation, said last week that it has confirmed infections or traces of Pegasus spyware in 15 additional phones since the stories were first published in July, including a phone belonging to British human-rights activist David Haigh.

Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a human rights group, helped coordinate the investigation and run forensic analyses on smartphones.

Monday’s findings by Citizen Lab could renew pressure on NSO Group and Israel, which approves Pegasus export licenses. Israel’s foreign minister, Yair Lapid, said earlier this month the government would review NSO’s work to ensure “nobody is misusing anything that we sell”.

A top adviser to President Joe Biden discussed the spyware during a July meeting with a senior official with Israel’s Ministry of Defence, and members of Congress have called on the White House to push forward on regulations, sanctions and other investigations designed to address the spyware’s misuse.

Washington Post
