The iPhones of nine Bahrain activists have been hacked and infected with Pegasus, eavesdropping software from the Israeli company NSO Group. To penetrate their smartphones, the attacker used two zero-click exploits in iMessage. It is believed that the Bahrain government has ordered the hacking of the dissidents’ iPhones.
This is according to research by the Citizen Lab at the University of Toronto.
Eavesdropping by the Bahrain Government
According to the researchers, it is clear that the malware on the activists’ devices comes from NSO Group. Four of the nine hacked devices involved a hacker named LULU, a well-known name in the hacking community who is known for using Pegasus software to break into his targets. The Citizen Lab says the hacker works for the Bahrain government.
The hacking attacks took place between September 2019 and the end of last year. One of the activists was reportedly hacked several times during this period. Two of the victims targeted by the hacking attack currently live in London. This is remarkable because the Bahrain government has so far only bugged activists and journalists in Bahrain and Qatar. It is the first time that the island nation in the Persian Gulf has eavesdropped and spied on people in Europe. He may have been hacked by another government, the Citizen Lab suggests.
The hacker abused these exploits
To crack the iPhones, the hacker used two so-called zero-click exploits in iMessage. These are vulnerabilities that hackers can exploit without the owner of the device having to do anything. The two exploits are KISMET, which dates back to 2020, and the recently discovered FORCEDENTRY.
With this latest exploit, it is possible to bypass the BlastDoor feature in iOS. Apple introduced BlastDoor in iOS 14 with the aim of parsing and analyzing untrusted data sent via iMessage.
Hundreds of journalists, politicians and businessmen bugged with Pegasus
The news once again puts NSO Group in a bad light. In July, 17 news organizations reported that between 2016 and June 2019, governments used the Israeli company’s wiretapping software to wiretap and spy on hundreds of journalists, activists and human rights lawyers.
The media had obtained a list containing 50,000 telephone numbers. So far, they have managed to identify about a thousand of the owners. The list included names of prominent business figures, human rights activists and politicians. In addition, 189 journalists who worked for media such as CNN, Associated Press (AP) and The Wall Street Journal were also named.
According to The Washington Post, French President Emmanuel Macron was wiretapped with Pegasus. The same goes for Charles Michel, President of the European Council, the Prime Ministers of Pakistan and Egypt, and the King of Morocco Mohammed VI. It is impossible to say whether they have actually been tapped, because their mobile phones would have to be examined.
NSO Group threatens legal action
NSO Group has always denied that Pegasus software is used to wiretap activists. Governments say they use this software to track down terrorists and cybercriminals and protect national security. “Our technologies are used daily to take down paedophile and drug and sex trafficker networks, locate missing and abducted children, locate survivors trapped under collapsed buildings and protect the airspace from disruptive penetration by dangerous drones,” the company said after news of the list of 50,000 phone numbers surfaced. The Israeli company even threatens to sue organizations for defamation.
Much resistance to NSO Group’s software
Meanwhile, the international community is working to curb the use of spy software. Michelle Bachelet, the United Nations High Commissioner for Human Rights, last month called on governments to stop using Pegasus. “The revelations about the apparently widespread use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in various countries are extremely alarming. They seem to confirm some of our worst nightmares about the potential misuse of surveillance technology to illegally undermine people’s human rights,” Bachelet said.
Commercial parties also prefer not to be associated with NSO Group. For example, Amazon removed all online accounts and the company’s entire infrastructure on Amazon Web Services (AWS). The Israeli company used the content delivery network CloudFront to distribute Pegasus. “Once we learned of these activities, we acted quickly to shut down the relevant infrastructure and accounts,” a spokesperson for the online retailer said.