Nine Bahrain activists were the target of a hack with NSO Group’s controversial Pegasus spyware. The hack exploited a vulnerability in iMessage, which allowed malware to be installed on iPhones without user interaction.
Research by The Citizens Lab at the University of Toronto shows that Israeli NSO Group malware has been installed on iPhones belonging to nine Bahrain activists. Two of the activists are political dissidents who have been banned from the country. The Bahrain government is suspected to be behind the hacks.
One of the activists was even allegedly hacked several times in a period of a few months last year. The first hacks are said to have taken place in September 2019. The hacks used the 2020 KISMET vulnerability and a new vulnerability called FORCEDENTRY.
This is not the first time that Pegasus software has been used to spy on journalists, activists and politicians. Just last month, French President Macron’s phone number was discovered on a list of phone numbers targeted for surveillance using the software.
The NSO Group so far denies that the company’s software is being used to spy on journalists, activists or other public figures. According to the maker, Pegasus software is only used to track down criminals and terrorists.