THE OTHER OVERLOOKED HACK

Powerful iPhone hack targets dozens of journalists, report says

State-backed attackers reportedly used spyware from NSO Group to hack iPhones belonging to Al Jazeera journalists.

Carrie Mihalcik, Laura Hautala
Dec. 21, 2020 10:03 a.m. PT

The journalists were hacked by four operators using spyware from NSO Group, according to Citizen Lab, which concluded with "medium confidence" that two attackers were working on behalf of the Saudi Arabian and UAE governments. NSO Group is an Israel-based firm that makes hacking tools for government clients, and is part of a larger industry that creates helps government entities access its targets' phones, computers and other devices. The hacking tools are supposed to help law enforcement and counter-terrorism efforts, but critics say the industry as a whole is prone to helping authoritarian governments hack the devices of dissidents and journalists.

NSO Group has been implicated by previous reports and lawsuits in other hacks, including a reported hack of Amazon CEO Jeff Bezos. A Saudi dissident sued the company in 2018 for its alleged role in hacking a device belonging to journalist Jamal Khashoggi, who had been murdered inside the Saudi embassy in Turkey that year. Journalists and activists from Mexico and Qatar have also sued the company for providing tools that hacked their devices. A Citizen Lab report from January said a New York Times journalist writing about a Saudi dissident received a link containing a NSO Group hacking tool on his phone in 2018.

NSO Group pushed back on the most recent Citizen Lab report in a statement on Monday, saying the group made assumptions to support its own agenda.

"This memo is based, once again, on speculation and lacks any evidence supporting a connection to NSO," said an NSO spokesperson in an emailed statement. "NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them."

The attack reportedly doesn't work against iOS 14, which was released in September and includes new security protections. Apple said it hasn't been able to independently verify Citizen Lab's research, but noted that attacks developed by NSO Group generally aren't targeted at average iPhone customers.

"At Apple, our teams work tirelessly to strengthen the security of our users' data and devices. iOS 14 is a major leap forward in security and delivered new protections against these kinds of attacks," said an Apple spokesperson in an emailed statement. "The attack described in the research was highly targeted by nation-states against specific individuals."

First published on Dec. 21, 2020 at 8:29 a.m. PT.

THE ONLY SMART PHONE THAT IS NOT HACKABLE IS A BLACKBERRY!