Invisible 'Kismet' iMessage exploit used to hack journalists' iPhones

Posted in iOS, edited December 2020
A group of 37 journalists has fallen prey to an iMessage vulnerability, one that has existed for a year, enabling bad actors supposedly working for governments to spy on the journalists' activities.




A report from the University of Toronto's Citizen Lab claims to have uncovered an operation that took place during July and August of 2020, one conducted by government operatives. The campaign attacked 37 iPhones owned by journalists, producers, anchors, and executives at news-gathering organizations, with the main target being Al Jazeera.

The attacks delivered NSO Group's Pegasus spyware by way of an exploit referred to as "Kismet." It is believed to be an "invisible zero-click exploit in iMessage," and a zero-day exploit against iOS 13.5.1 and possibly other releases.

Logs of compromised iPhones gathered by Citizen Lab indicate a number of NSO Group customers also used the same exploit between October and December 2019, suggesting it is one that wasn't detected or fixed for a considerable length of time.

The journalists were attacked by four Pegasus operators, including one known as "Monarchy" that was attributed to Saudi Arabia, while "Sneaky Kestrel" was thought to have performed attacks on behalf of the UAE.

It is likely that the operators were connected to the crown princes of the two countries, as a lawsuit from one Al Jazeera anchor blamed the pair for hacking her iPhone, and disseminating doctored photographs of the victim.

Once attacked, a target's iPhone would start to upload large amounts of data, sometimes totaling hundreds of megabytes, without the user's knowledge. It is thought the data that was being transferred included ambient audio recorded by the microphone, the content of encrypted phone calls, photographs taken by the camera, the device's location, and potentially any stored passwords or account credentials.

A statement from Apple seen by The Guardian calls the attacks "highly targeted by nation-states" against individuals. "We always urge customers to download the latest version of the software to protect themselves and their data," Apple added, though also advising it couldn't independently verify the analysis of Citizen Lab.

It seems that the attack vector doesn't work for iPhones updated to run iOS 14 or later, which may mean devices using the operating system are currently safe.

Comments

  • Reply 1 of 10
    GeorgeBMac Posts: 11,421 member
    This is not the first time these countries have been caught cyberhacking.   It's not ONLY Russia leading these efforts.

    Cyberhacking along with its close cousin, disinformation, has become a new form of warfare and the U.S. needs to step up its response to it.   A lot.

    Democracy depends on the people knowing the truth -- and these cybercrimes are undermining that foundation.
  • Reply 2 of 10
    It would be good to understand how this exploit works. Does "invisible zero-click exploit in iMessage" mean that the user never had to click on a link to get infected? That is pretty scary especially for iPhones. I also think Apple needs to be more transparent with these exploits to really drive home that the updates are very important to install.
  • Reply 3 of 10
    Apple... please no more revolving back doors. 

    We will just read a similar article next year. But it will be due to a different “vulnerability” that somehow acts just like back door. 

    It’s not just our government that will “exploit” it. 
    edited December 2020
  • Reply 4 of 10
    dewme Posts: 5,369 member
    doggone said:
    It would be good to understand how this exploit works. Does "invisible zero-click exploit in iMessage" mean that the user never had to click on a link to get infected? That is pretty scary especially for iPhones. I also think Apple needs to be more transparent with these exploits to really drive home that the updates are very important to install.
    By definition, zero-day exploits are ones that the platform owner knows nothing about. About the only honest statement Apple could make in regard to these types of exploits is: "We don't know what we don't know." 

    Keep in mind that there is a thriving market for zero-day exploits. These exploits are very highly sought after by both the "good guys" and the "bad guys." Who is considered a good-guy and who is considered a bad-guy is often subject to debate, whose side you're on, and can vary or flip based on any given situation. There are no simple answers.


  • Reply 5 of 10
    gatorguy Posts: 24,213 member
    doggone said:
    It would be good to understand how this exploit works. Does "invisible zero-click exploit in iMessage" mean that the user never had to click on a link to get infected? That is pretty scary especially for iPhones.
    Correct.
  • Reply 6 of 10
    razorpit Posts: 1,796 member
    The two remaining journalists must be terrified at this news.  :D
  • Reply 7 of 10
    dysamoria Posts: 3,430 member
    This is not the first time these countries have been caught cyberhacking.   It's not ONLY Russia leading these efforts.

    Cyberhacking along with its close cousin, disinformation, has become a new form of warfare and the U.S. needs to step up its response to it.   A lot.

    Democracy depends on the people knowing the truth -- and these cybercrimes are undermining that foundation.
    The deeper problem is that a lot of people don’t know how to recognize the truth, or actively refuse to acknowledge it. Critical thinking skills are at an all-time low, and ego tends to obstruct people from correcting their malformed views of the world around them.
  • Reply 8 of 10
    dysamoria Posts: 3,430 member
    Am I correct in taking from this article that my iOS 12.x devices are not vulnerable to this exploit?
  • Reply 9 of 10
    GeorgeBMac Posts: 11,421 member
    dysamoria said:
    This is not the first time these countries have been caught cyberhacking.   It's not ONLY Russia leading these efforts.

    Cyberhacking along with its close cousin, disinformation, has become a new form of warfare and the U.S. needs to step up its response to it.   A lot.

    Democracy depends on the people knowing the truth -- and these cybercrimes are undermining that foundation.
    The deeper problem is that a lot of people don’t know how to recognize the truth, or actively refuse to acknowledge it. Critical thinking skills are at an all-time low, and ego tends to obstruct people from correcting their malformed views of the world around them.

    The real problem is those who listen to right wing propaganda sites -- and believe the bull.
  • Reply 10 of 10
    dysamoria said:
    This is not the first time these countries have been caught cyberhacking.   It's not ONLY Russia leading these efforts.

    Cyberhacking along with its close cousin, disinformation, has become a new form of warfare and the U.S. needs to step up its response to it.   A lot.

    Democracy depends on the people knowing the truth -- and these cybercrimes are undermining that foundation.
    The deeper problem is that a lot of people don’t know how to recognize the truth, or actively refuse to acknowledge it. Critical thinking skills are at an all-time low, and ego tends to obstruct people from correcting their malformed views of the world around them.

    The real problem is those who listen to right wing propaganda sites -- and believe the bull.
    The real problem is turning off any of your critical thinking functions regardless of left/right wing affiliation. Always think critically, regardless of source.