The report found that 36 journalists, producers, anchors, and executives had their iPhones compromised by Pegasus spyware. The spyware, developed and sold by Israel-based firm NSO Group, targets security vulnerabilities in the iMessage app. The so-called “zero-click” exploit deploys without any user interaction. Once installed, it can record ambient sound and phone conversations, take pictures, and access user credentials.
How Do Zero-Click Exploits Work?
Malware infections generally occur when users interact with malicious code by clicking on a URL or downloading malicious software disguised as an authentic program. But zero-click spyware penetrates devices without any user interaction.
In its investigation of the Pegasus attacks, Citizen Lab monitored mobile internet traffic and found that one targeted phone visited installation servers for NSO Group’s Pegasus spyware. Instructions to visit the installation server seem to have come through a vulnerability in the iMessage app, via Apple’s own iCloud system.
Who Was Responsible for the Attacks?
Citizen Lab researchers found evidence, based on previously documented Pegasus attacks, that the bulk of the attacks on the journalists came from four NSO customers. These customers included the governments of Saudi Arabia and the United Arab Emirates.
The report notes that more than a dozen other journalists have also suffered similar zero-click attacks by NSO spyware. These kinds of attacks against journalists have accelerated in recent months, according to Citizen Lab. The group says it has also documented attacks on journalists by threat actors in China, Russia, Ethiopia, and Mexico.
Who Is NSO Group?
Founded in 2010, the NSO Group is a secretive Israel-based surveillance company that some have described as a “cyber arms dealer.” Citizen Lab, in partnership with mobile security company Lookout, first reported on the capabilities of NSO Group’s marquee product Pegasus back in 2016. An unsuccessful attack on a UAE human rights activist led to the discovery of Pegasus and of the previously unknown security weaknesses in iPhones that it exploits.
More recently, NSO Group has been the focus of a contentious lawsuit brought in October 2019 by the popular Facebook-owned chat app WhatsApp. The suit alleges that NSO Group developed an exploit for WhatsApp that allowed governments to monitor communications to and from diplomats, journalists, human rights activists, and political dissidents.
Earlier this year, a federal judge ruled that the suit could proceed. A brief filed this week in support of the lawsuit laid out the broader security risks at stake. “Widespread creation and deployment of these tools by private companies acting for profit dramatically increases the risk that these vulnerabilities will be obtained and exploited by malicious actors….”
How to Protect Yourself
Zero-click attacks require no action by device users. They operate in the background and leave little to no trace of their presence or activities. These attributes make it difficult to defend yourself. Citizen Lab and others recommend making sure that your mobile OS is updated to the latest version. Identified vulnerabilities in previous versions of iOS were patched in the iOS 14 update.
Beyond regular updates, practicing good digital hygiene is always important for the security of your mobile devices. The site breachalarm.com can tell you if your email credentials have been compromised. Use strong passwords on any apps that contain sensitive data, and delete any apps that you don’t regularly use.
Malware is a growing threat for mobile phone users. In addition to data breaches, malware can lead to logical failures and data loss. Secure Data Recovery Services specializes in data recovery on iPhone and Android devices. Our certified data recovery engineers employ cutting-edge proprietary tools to resolve even the most complex mobile data loss scenarios.