Just pay the NSO Group. Logs suggest their spyware was able to secretly record phone calls and take photos using the phone’s camera.
From Zack Whittaker’s “Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab” posted Sunday on Techmeme:
For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called “zero-click” attack that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.
Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked.
In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists’ iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group.
The researchers analyzed Almisshal’s iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage.
Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone’s camera, access the victim’s passwords, and track the phone’s location.
My take: The Israel-based NSO Group is scary as hell. It employed more than 500 people as of 2017. According to various reports, software they created was used in targeted attacks against human rights activists and journalists in several countries, was used in state espionage against Pakistan, and played a role in the murder and dismemberment of Saudi dissident Jamal Kashoggi by agents of the Saudi government.