During the summer of 2020, the iPhones of 36 journalists from the Qatari channel Al Jazeera were hacked by the NSO, an Israeli computer security company, says a Citizen Lab report.
To successfully hack journalists' phones, the company used “Day one” attack technologies, therefore operating under the same OS that Apple was offering at the time of the attack. Thus the cell phone of journalist Rania Dridi, correspondent in London for the Qatari channel, was compromised six times, according to information collected by Citizen Lab.With almost every iOS update, the spyware no longer worked and the phone had to be contaminated again.
But the method of contamination being very simple, the NSO hackers had no problem getting into the phones of the targeted journalists. In order to achieve their goal,they used an iMessage flaw, the application being native, it is present on all iPhones without exception, and has the reputation, given that it is developed by Apple, of being very secure.
An infallible “Zero click” method
The NSO group would have used a “zero click” method to enter the victim’s iPhone. The latter would never have had to click on a pirate link, or open a booby-trapped file, practices that are far too obvious, especially for people like these journalists, who are well aware of the risks of hacking. So with this method, the user did not realize the hacking, and therefore could not do anything about it, until the next iOS update which most often resolved the problem.
The virus, named Pegasus, could, once installed in the iPhone, record ambient sound, record the sound of encrypted phone calls, or take photos, track the iPhone's location, and access passwords and other information. credentials stored on the phone, all without fear of being spotted by the user.
According to the conclusions of Citizen Lab, at the origin of this revelation, the Pegasus virus would not have survived the latest updates of iOS, notably at the beginning of fall with the release of iOS 14 which definitively corrected the security flaw in iMessage. Pegasus could still be active on phones that have not been updated.
i-nfo.fr - Official iPhon.fr app
By : Keleops AG
