36 personal iPhones belonging to Al Jazeera journalists were taken over in a cyberattack that took place around July and August 2020. The attack is believed to have been carried out by nation-state-backed advanced persistent threat (APT) groups, probably belonging or linked to Middle Eastern countries. A zero-day in the iPhone's iMessage service, exploited by the attackers, made the attack possible. The spyware the attackers used to take control of the phones was Pegasus.
Pegasus is spyware that was discovered in 2016. It can be easily installed on devices running versions of Apple's operating system, iOS, and on some versions of Android. The latest versions of the spyware are capable of tracking calls, reading text messages, collecting passwords, mobile phone targeting, gathering user information through installed apps, and accessing the target device's camera and microphone. Pegasus is developed by the NSO Group of Israel and sold to the governments of various countries.
NSO is an Israeli technology firm that builds and sells the Pegasus spyware. NSO stands for the names of the company's founders: Niv, Shalev, and Omri. The tool was meant to be used by governments to fight crime and terror by taking control of a target's phone. However, it is also believed that the software is used by many other authorities for iniquitous motives.
KISMET is the exploit chain that was used to take control of the victims' iPhones through a zero-click exploit of iMessage. At the time of the attack, around July and August, KISMET was a zero-day against iOS 13.5.1 and was capable of hijacking the iPhone 11, the latest model at that time. The Citizen Lab also said that they were able to find logs suggesting that KISMET, or a similar zero-click, zero-day exploit, was placed on the compromised phones earlier in December 2019. The journalists' iPhones were hacked by four Pegasus operators. Two of the four are considered to be SNEAKY KESTREL, from the United Arab Emirates, and MONARCHY, from Saudi Arabia.
Citizen Lab believes that KISMET does not work on iOS 14 and above, so every iPhone user should stay updated to the latest versions, which include security protections against such malware. They also state that, considering NSO's customer base and the iOS vulnerability in versions before iOS 14, the victims discovered in this attack could be just a tiny cluster of a bigger event.
Research has claimed that Pegasus spyware is in active use in more than 43 countries. Pegasus is popular spyware that is probably used all over the world, by most nations, for its spying and surveillance capabilities. Smartphone users should therefore always avoid clicking links from unknown sources and should keep their operating systems updated to the latest versions to avoid becoming victims of such attacks.