Several dozen journalists have been affected by sophisticated spyware on their iPhones. It was distributed via a zero day in iMessage on iOS 13.5, requiring no user interaction.
The journalists are said to have been hit by the Pegasus spyware, writes human rights organization CitizenLab. It was previously used, among other things, for attacks on WhatsApp. The spyware entered through an exploit designed by the Israeli espionage company NSO Group. The attacks are said to have been carried out on at least 36 personal phones of journalists and employees of Al-Jazeera, and of the British medium Al Araby TV. CitizenLab links the attacks to NSO Group customers coming from Saudi Arabia and the United Arab Emirates.
The victims have been infected by an advanced zero-day in iOS. It is an exploit chain that the group calls Kismet. It is a rare zero day; the exploit was executable without user interaction, so victims did not have to click a link or open an attachment. Such exploits have been selling for more and more money in recent years, although buyers say the iOS zero-day market is flooding.
Once the attackers were on a plane, they had many options. They could listen in with audio or watch with the camera, see the location of the device, and retrieve saved passwords. The vulnerability is said to work on all iPhones up to the iPhone 11 running iOS 13.5.1. According to CitizenLab, the exploit no longer works on iOS 14.